Closed Bug 1709263 Opened 3 years ago Closed 3 years ago

Please restore ESNI until at least Cloudflare implements ECH

Categories

(NSS :: Libraries, enhancement)

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: zesanup, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0

Steps to reproduce:

Open https://www.cloudflare.com/cdn-cgi/trace and see that the SNI is plaintext. This should be encrypted.

Actual results:

Some websites that are hosted on servers implementing ESNI do not work, because of ISP blocking.

Expected results:

Websites that are hosted on servers implementing ESNI, such as Cloudflare, should work.

Yes, ECH is the way forward. Everyone knows that. But it has been half a year since ESNI was removed and ECH is clearly not ready. Instead of waiting for Cloudflare and others to deploy ECH at some point in the uncertain future (though seemingly distant future, as the 10th ECH draft was published in March), why not restore ESNI functionality in Fenix so that users can access websites now? This would be the practical solution to the problem.

Backstory: https://bugzilla.mozilla.org/show_bug.cgi?id=1667801 This conversation was going somewhere positive, but some idiot decided to hurl abuses and the bug was locked. I hope to continue that discussion, and that you reconsider the premature removal of ESNI, given that no one is using ECH at the moment, and certain websites will stay ISP-blocked for the foreseeable future.

We can't just restore ESNI. Both ESNI and ECH are massively complex and touch the same code, so we made the call a long while back to replace ESNI with ECH rather than try to keep both. So ESNI is just gone now.

I can't say when ECH will be deployed, but we ask for patience. Mostly we're blocked on server side support and standardization in some mix. Both take longer than you might like, but there isn't much we can do about that.

Status: UNCONFIRMED → RESOLVED
Closed: 3 years ago
Resolution: --- → WONTFIX

Alright. Thank you!
