From 6bacc7526f566b7da09d9409ac3794c2b534a390 Mon Sep 17 00:00:00 2001 From: Christopher Wood Date: Fri, 13 Oct 2023 06:32:39 -0700 Subject: [PATCH] Update draft-ietf-tls-esni.md Co-authored-by: Dennis Jackson <88591716+dennisjackson@users.noreply.github.com> --- draft-ietf-tls-esni.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-ietf-tls-esni.md b/draft-ietf-tls-esni.md index af8125e7..2fcabcbc 100644 --- a/draft-ietf-tls-esni.md +++ b/draft-ietf-tls-esni.md @@ -1204,7 +1204,7 @@ client implementations to honor this action. Another approach may be to intercept and decrypt client TLS connections. The feasibility of alternative solutions is specific to individual deployments. -In environments where the network operator controls the endpoint devices, but +In environments where the network operator does not control the endpoint devices, or does controls the endpoint devices, but is concerned about the security consequences of compromised devices, e.g., data exfiltration, the SNI field is unsuitable for use as a control even in the absence of ECH. This is because compromised devices can alter or spoof the
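Review bot: the added line in the hunk at -1204,7 reads "or does controls the endpoint devices", which is ungrammatical and repeats "the endpoint devices" twice in one clause. Suggest "In environments where the network operator does not control the endpoint devices, or controls them but is concerned about the security consequences of compromised devices, ...". The new line is also much longer than the surrounding wrapped lines and should be re-wrapped to match the file. Finally, the rationale visible in the trailing context ("This is because compromised devices can alter or spoof the") speaks only of compromised devices; check that the explanation also covers the newly added case of devices the operator does not control, or add a clause saying the same reasoning applies to them.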