[SahAssar]

* DoT/DoH

* An outer SNI name when doing ECH perhaps

* Being able to host secure http/mail/etc without being beholden to a domain registrar

[12_throw_away]

To save others a trip to Kagi: DoT / DoH = DNS over TLS [1] / https [2]

E.g.:

[1] https://developers.cloudflare.com/1.1.1.1/encryption/dns-ove...

[2] https://developers.cloudflare.com/1.1.1.1/encryption/dns-ove...

[miladyincontrol]

IP addresses arent valid for the SNI used with ECH, even with TLS. On paper I do agree though it would be a decent option should things one day change there.

[tialaramex]

I think that would have been an alternate present rather than a plausible future.

ECH needs for the outer (unencrypted) SNI to be somewhat plausible as a destination. For ECH GREASE what happens is that this outer SNI was real, what looks like the encrypted inner ECH data is just random noise.

For non-GREASE ECH we want to look as much like the GREASE as we can, except that it's not noise that's the encrypted payload with a real inner SNI among other things.

[cryptonector]

Oh nice! I hadn't considered DoT/DoH. The ECH angle is interesting. Thanks.