• LWD@lemm.ee
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    So DoH alone encrypts the DNS request which could reveal the intended domain, and ECH does likewise but for the initial HTTP request? Maybe I’m thick, but to me it sounds like DoH without ECH is insufficient?

    • lemmyvore@feddit.nl
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      In a sense yeah, you want ECH too. It’s just that ECH makes up for a HTTP-specific fault. DNS is used for more than HTTP; if you’re not using HTTP then DoH is enough.