Support Encrypted ClientHellos (ECH, formerly ESNI) #199
Comments
Is this waiting for the draft to get finalised, or what's holding up progress here?
Ah, I took a look at some articles and the draft itself; it has entirely pivoted away from ESNI and towards Encrypted ClientHello. Some more info on that in this blog post: https://blog.cloudflare.com/encrypted-client-hello/
I think #508 has the latest status.
Now that Cloudflare is slowly and progressively enabling ECH for the public, we will need to think about putting this on the schedule too.
Firefox announcement: https://blog.mozilla.org/en/products/firefox/encrypted-hello/
FYI, the TLS WG at IETF is hoping to close out remaining design questions for ECH. If anyone out there wanted to take a stab at implementing in rustls, now would be the ideal time to start. FWIW it has been implemented in Go (https://github.com/cloudflare/go), NSS, and BoringSSL.
Encrypted SNI is on the standards track and is already being deployed by big players.
Draft RFC: https://tools.ietf.org/html/draft-ietf-tls-esni
Championed by the EFF: https://www.eff.org/deeplinks/2018/09/esni-privacy-protecting-upgrade-https
Deployed by Cloudflare: https://blog.cloudflare.com/esni/
Cloudflare's technical details post: https://blog.cloudflare.com/encrypted-sni/
Supported by Firefox: https://blog.mozilla.org/security/2018/10/18/encrypted-sni-comes-to-firefox-nightly/
Supported by NSS: https://bugzilla.mozilla.org/show_bug.cgi?id=1495120
ESNI is specifically being pushed by Sen. Ron Wyden (D-OR): https://gizmodo.com/sen-wyden-urges-dhs-to-adopt-new-encryption-tech-to-pr-1830001179
picotls work in progress: h2o/picotls#187
gnutls status: https://gitlab.com/gnutls/gnutls/issues/595
OpenSSL status: openssl/openssl#7482