ECH

Creator

Creator

Seonglae Cho

Created

Created

2021 Jun 1 2:3

Editor

Editor

Seonglae Cho

Edited

Edited

2021 Jun 1 2:15

Refs

Refs

Encrypted Clieht Hello

TLS Encrypted ClientHello (ECH) extension enables clients to encrypt ClientHello messages which are normally sent in cleartext, under a server's public key

This avoids leaking sensitive fields like the server name to the network

Good-bye ESNI, hello ECH!

Most communication on the modern Internet is encrypted to ensure that its content is intelligible only to the endpoints, i.e., client and server. Encryption, however, requires a key and so the endpoints must agree on an encryption key without revealing the key to would-be attackers.

Good-bye ESNI, hello ECH!

https://blog.cloudflare.com/encrypted-client-hello/

Good-bye ESNI, hello ECH!

Chrome Platform Status

The TLS Encrypted ClientHello (ECH) extension enables clients to encrypt ClientHello messages, which are normally sent in cleartext, under a server's public key. This avoids leaking sensitive fields like the server name to the network. ECH is currently specified in draft-ietf-tls-esni-08. Note that earlier iterations of this specification were called Encrypted Server Name Indication, or ESNI.

Chrome Platform Status

https://www.chromestatus.com/feature/6196703843581952

draft-ietf-tls-esni-10 - TLS Encrypted Client Hello

tls E. Rescorla Internet-Draft RTFM, Inc. Intended status: Standards Track K. Oku Expires: 9 September 2021 Fastly N. Sullivan C.A. Wood Cloudflare 8 March 2021 TLS Encrypted Client Hello draft-ietf-tls-esni-10 Abstract This document describes a mechanism in Transport Layer Security (TLS) for encrypting a ClientHello message under a server public key.

draft-ietf-tls-esni-10 - TLS Encrypted Client Hello

https://datatracker.ietf.org/doc/draft-ietf-tls-esni/

Recommendations

/////////