Hacker News new | past | comments | ask | show | jobs | submit login

Not speaking for new23d but many corporations are required per their own compliance documentation to make a best effort to block access to known malware and sanctioned sites. If they are unable to do so via their corporate firewalls such as PAN and Fortigate and the like, then they will have to disable ECH and possibly DoH in their networks until other options are in place such as MiTM proxies and those are not always an option due to cost or other compliance conundrums. Intercepting personal traffic to banks, etc... varies by AUP and company/employee agreements, corporate risk acceptance, requirements.

Now speaking just for myself, the moment OpenSSL, HAProxy, NGinx and Apache support ECH I am turning it on everywhere. I have been waiting a long time for it.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: