haiku2077 4 days ago

Client Hello can be encrypted: https://support.mozilla.org/en-US/kb/understand-encrypted-cl...

2
simiones 4 days ago

Oh, right, thanks for the correction!

However, ECH relies on a trusted 3rd party to provide the key of the server you are intending to talk to. So, it won't work if you have no way of authenticating the server beforehand the way GP was thinking about.

EE84M3i 4 days ago

Yes but this still depends on identity. It's not unauthenticated.

1 reply
ekr____ 3 days ago

The situation is actually somewhat more complicated than this.

ECH gets the key from the DNS, and there's no real authentication for this data (DNSSEC is rare and is not checked by the browser). See S 10.2 [0] for why this is reasonable.

[0] https://tlswg.org/draft-ietf-tls-esni/draft-ietf-tls-esni.ht...