
> That wouldn't fly politically in the working group, because the "enterprise" people have at least some influence there, and they want to do exactly the same kinds of DPI that North Korea would want to do.

If this was true, TLS 1.3 would have RSA kex. The "enterprise" people (specifically in fact EDCO, the Enterprise Data Centre Operators, Nalini Elkins' group) really wanted to keep RSA kex. It was removed in TLS 1.3 anyway because it's a bad idea.

In practice the intention is that ECH will be GREASEd, so yes, it will go from being nowhere to being apparently everywhere almost overnight. It's not specifically intended that GREASEing ECH will defy the Great Firewall, but it's a possible outcome. China can decide its own policies without help from us.

For EDCO and similar outfits, ECH changes nothing.
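To make concrete what "GREASEd ECH" means on the wire, here is an added Python example (not from this thread, and not code from any TLS implementation) that serialises the outer ECHClientHello structure from the ECH draft and parses it back the way a passive observer could. The KDF/AEAD identifiers, the 32-byte encapsulated-key length and the 144-byte payload length are assumptions chosen to resemble an X25519 / AES-128-GCM configuration, and the "real" extension below uses constructed stand-in bytes rather than a genuine HPKE encapsulation.

```python
import os
import struct

# Codepoint for encrypted_client_hello in the ECH draft (draft-ietf-tls-esni)
ECH_EXTENSION_TYPE = 0xFE0D
ECH_CLIENT_HELLO_OUTER = 0      # ECHClientHelloType.outer
HPKE_KDF_HKDF_SHA256 = 0x0001   # assumed cipher-suite choice for this example
HPKE_AEAD_AES_128_GCM = 0x0001
X25519_ENC_LEN = 32             # length of an X25519 HPKE encapsulated key (assumed KEM)


def build_ech_extension(config_id: int, enc: bytes, payload: bytes) -> bytes:
    """Serialise an outer ECHClientHello as a TLS extension (type + length + body).

    Body layout per the draft: type(1) | kdf_id(2) | aead_id(2) | config_id(1)
                               | enc<0..2^16-1> | payload<1..2^16-1>
    """
    body = struct.pack("!BHHB", ECH_CLIENT_HELLO_OUTER,
                       HPKE_KDF_HKDF_SHA256, HPKE_AEAD_AES_128_GCM, config_id)
    body += struct.pack("!H", len(enc)) + enc
    body += struct.pack("!H", len(payload)) + payload
    return struct.pack("!HH", ECH_EXTENSION_TYPE, len(body)) + body


def build_grease_ech(payload_len: int = 144) -> bytes:
    """A GREASE ECH extension: identical shape to a real one, random contents.

    payload_len is an assumed sample value; a client picks it to match what a
    real encryption for its expected ECHConfig would produce.
    """
    return build_ech_extension(os.urandom(1)[0],
                               os.urandom(X25519_ENC_LEN),
                               os.urandom(payload_len))


def parse_ech_extension(data: bytes) -> dict:
    """Recover everything a passive observer can see: header fields and lengths.

    The enc and payload contents are opaque whether they are real or random.
    """
    ext_type, ext_len = struct.unpack("!HH", data[:4])
    if ext_type != ECH_EXTENSION_TYPE or len(data) != 4 + ext_len:
        raise ValueError("not a well-formed ECH extension")
    body = data[4:]
    ch_type, kdf, aead, config_id = struct.unpack("!BHHB", body[:6])
    off = 6
    enc_len = struct.unpack("!H", body[off:off + 2])[0]
    off += 2 + enc_len
    payload_len = struct.unpack("!H", body[off:off + 2])[0]
    off += 2 + payload_len
    if off != len(body) or payload_len == 0:
        raise ValueError("bad vector lengths")
    return {"type": ch_type, "kdf": kdf, "aead": aead, "config_id": config_id,
            "enc_len": enc_len, "payload_len": payload_len}


def same_shape(ext_a: bytes, ext_b: bytes) -> bool:
    """True when two ECH extensions are indistinguishable to an observer.

    config_id is excluded: it is one random-looking byte in both cases and
    legitimately differs between configs.
    """
    a, b = parse_ech_extension(ext_a), parse_ech_extension(ext_b)
    keys = ("type", "kdf", "aead", "enc_len", "payload_len")
    return all(a[k] == b[k] for k in keys)


if __name__ == "__main__":
    grease = build_grease_ech()
    # Constructed stand-in for a real extension: fixed bytes instead of HPKE output.
    real_like = build_ech_extension(7, b"\x01" * X25519_ENC_LEN, b"\x02" * 144)
    print("observer view of GREASE:", parse_ech_extension(grease))
    print("indistinguishable from real-shaped ECH:", same_shape(grease, real_like))
```

The point the example makes is the one the comment relies on: a middlebox that wants to reject "real" ECH but tolerate GREASE has nothing in the extension to key on, so it must either block the extension type outright or let both through.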



> If this was true, TLS 1.3 would have RSA kex.

I hope you're right...

> In practice the intention is that ECH will be GREASEd

If even fake ECH extensions get rejected, then it's hard to deploy the whole GREASy burrito.

> China can decide its own policies without help from us.

... but China can make it uncomfortable to support ECH worldwide. It's not a free action for a service to risk being blocked in China, or for client software to accept being unreliable or unusable in China. That affects deployment in the rest of the world. We'll see who wins the war of wills, but I'm afraid that the "Western" entities that have the most control over what's widely deployed are not going to have will enough.


Any "service" that wants to support China needs to have serious presence there anyway.
