Re: How does Encrypted SNI protect against censorship from DNS Providers?
> Why can't China do the encryption themselves and find out what the request for a site they don't like would look like?
The way asymmetric encryption usually works is that the client would generate a random encryption key to use with a symmetric encryption algorithm (like AES). Think of this like a randomly chosen password, only with massively better entropy. This key is then encrypted with the public key (e.g. RSA), so only the server with the private key can derive the randomly chosen key and can then derive the content. So each request to chinadoesnotlikeme.com will look different.
So points 1 and 2 aren't a problem on this account. The real problem is knowing who owns the private key that corresponds to the public key you have just used.
> Could China block all these encrypted requests such that only standard requests get through?
They almost certainly would.
> Does China have enough power to prevent the big cloud providers from using this?
Certainly within their borders.
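
The scheme described in the reply above, as an added example that is not part of the original post: the client wraps a fresh random key under the server's public key, so an observer who encrypts the same name with the same public key gets a different ciphertext and cannot match it. Assumptions: the RSA key is a constructed toy built from two Mersenne primes (trivially factorable), a SHA-256 keystream with HMAC stands in for AES, and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed toy RSA key for the demo only: Mersenne primes are trivially factorable.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                      # public key, known to everyone
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent, held only by the server

def _subkeys(session_key):
    # Separate keys for encryption and authentication, derived from the session key.
    return (hashlib.sha256(b"enc" + session_key).digest(),
            hashlib.sha256(b"mac" + session_key).digest())

def _xor_stream(key, data):
    # SHA-256 in counter mode as a stand-in for AES (assumption of this example).
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def client_encrypt(name):
    session_key = secrets.token_bytes(32)            # fresh random key per request
    wrapped = pow(int.from_bytes(session_key, "big"), E, N)  # only D can unwrap this
    enc_key, mac_key = _subkeys(session_key)
    body = _xor_stream(enc_key, name.encode())
    tag = hmac.new(mac_key, body, hashlib.sha256).digest()
    return wrapped, body, tag

def server_decrypt(wrapped, body, tag):
    session_key = pow(wrapped, D, N).to_bytes(32, "big")
    enc_key, mac_key = _subkeys(session_key)
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication tag mismatch")
    return _xor_stream(enc_key, body).decode()

def observer_matches(name, captured):
    # An observer with only the public key encrypts the guessed name and compares.
    # The comparison fails because the observer's random session key differs.
    return client_encrypt(name) == captured

if __name__ == "__main__":
    first = client_encrypt("chinadoesnotlikeme.com")
    second = client_encrypt("chinadoesnotlikeme.com")
    print("same name, same ciphertext?", first == second)
    print("server recovers:", server_decrypt(*first))
    print("observer can match by re-encrypting?",
          observer_matches("chinadoesnotlikeme.com", first))
```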