Support Encrypted ClientHellos (ECH, formerly ESNI) #199
Comments
|
Is this waiting for the draft to get finalised, or what's holding up progress here? |
|
Ah, i took a look at some articles and the draft itself, it has entirely pivoted away from ESNI, and towards Encrypted ClientHello, some more info on that in this blog post; https://blog.cloudflare.com/encrypted-client-hello/ |
|
I think #508 has the latest status. |
|
Now that Cloudflare is slowly and progressively enabling ECH to the public, we will need to think about putting this on schedule too |
This comment was marked as spam.
This comment was marked as spam.
This comment was marked as off-topic.
This comment was marked as off-topic.
|
Firefox announcement: https://blog.mozilla.org/en/products/firefox/encrypted-hello/ |
|
FYI, The TLS WG at IETF is hoping to close out remaining design questions for ECH. If anyone out there wanted to take a stab at implementing in rustls, now would be the ideal time to start. FWIW it has been implemented in Go (https://github.com/cloudflare/go), NSS, and boringSSL |
Encrypted SNI is on the standards track and is already being deployed by big players.
Draft RFC: https://tools.ietf.org/html/draft-ietf-tls-esni
Championed by the EFF: https://www.eff.org/deeplinks/2018/09/esni-privacy-protecting-upgrade-https
Deployed by Cloudflare: https://blog.cloudflare.com/esni/
Cloudflare's technical details post: https://blog.cloudflare.com/encrypted-sni/
Supported by Firefox: https://blog.mozilla.org/security/2018/10/18/encrypted-sni-comes-to-firefox-nightly/
Supported by NSS: https://bugzilla.mozilla.org/show_bug.cgi?id=1495120
ESNI is specifically being pushed by Sen. Ron Wyden (D-OR): https://gizmodo.com/sen-wyden-urges-dhs-to-adopt-new-encryption-tech-to-pr-1830001179
picptls work in progress: h2o/picotls#187
gnutls status: https://gitlab.com/gnutls/gnutls/issues/595
OpenSSL status: openssl/openssl#7482
The text was updated successfully, but these errors were encountered: