Encrypted Client Hello Approved for Publication
9 months ago
- #Cryptography
- #Privacy
- #TLS
- Feisty Duck’s Cryptography & Security Newsletter provides updates on cryptography, security, privacy, SSL/TLS, and PKI, enjoyed by over 50,000 subscribers monthly.
- TLS 1.3, released in 2018, modernized cryptography in TLS while maintaining backward compatibility, making network traffic more secure.
- Encrypted Client Hello (ECH) has been approved by the TLS working group, addressing the issue of server identity visibility in plaintext during the TLS handshake.
- ECH uses special encryption keys placed in DNS via SVCB or HTTPS resource records, a solution designed to work in real-world scenarios.
- Major browsers and Cloudflare support ECH, but its adoption faces challenges, including blocking by countries like Russia and China.
- ECH improves privacy globally but raises concerns for middleboxes, corporate networks, and parental controls that rely on TLS handshake visibility.
- The newsletter is authored by Ivan Ristić, who also offers courses on deploying secure servers and encrypted web applications.