So DoH alone encrypts the DNS request which could reveal the intended domain, and ECH does likewise but for the initial HTTP request? Maybe I’m thick, but to me it sounds like DoH without ECH is insufficient?
In a sense yeah, you want ECH too. It’s just that ECH makes up for an HTTP-specific fault. DNS is used for more than HTTP; if you’re not using HTTP then DoH is enough.
HTTP and HTTPS-specific?
It’s HTTPS-specific, since HTTP is not encrypted.