tl;dr: we screwed up security the last few times, but we think we got it right this time.
A bit more privacy than security, because, yes, privacy is a spectrum and folks are continuously trying to improve 🙂
I do think it makes more sense than ESNI, which was just a patch. Encrypting the entire hello in retrospect simply covers everything.
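A constructed illustration of the point above, added here and not part of the thread: the parser reads only what an on-path observer can see in the outer ClientHello. Without ECH the real server name is in the clear; with ECH the outer hello carries the public name plus an `encrypted_client_hello` extension (codepoint 0xfe0d), and the inner hello is opaque. The sample hellos are built inline for the test and are not real captures; the ECH payload is a placeholder blob, not a real encrypted inner hello.

```python
import struct

EXT_SNI = 0x0000
EXT_ECH = 0xFE0D  # encrypted_client_hello (draft-ietf-tls-esni codepoint)

def build_client_hello(server_name: str, extra_exts: bytes = b"") -> bytes:
    """Assemble a minimal TLS 1.3-style ClientHello record (constructed sample)."""
    host = server_name.encode()
    sni_entry = struct.pack("!BH", 0, len(host)) + host          # host_name entry
    sni_data = struct.pack("!H", len(sni_entry)) + sni_entry      # server_name_list
    sni_ext = struct.pack("!HH", EXT_SNI, len(sni_data)) + sni_data
    exts = sni_ext + extra_exts
    body = (b"\x03\x03" + bytes(32)                 # legacy_version + random
            + b"\x00"                               # empty legacy_session_id
            + struct.pack("!H", 2) + b"\x13\x01"    # one cipher suite
            + b"\x01\x00"                           # compression: null only
            + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body   # handshake: client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def observe_client_hello(record: bytes) -> dict:
    """Return the fields a passive observer can read from the outer ClientHello."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello handshake record")
    p = 9 + 2 + 32                                          # record hdr, hs hdr, version, random
    p += 1 + record[p]                                      # legacy_session_id
    p += 2 + struct.unpack("!H", record[p:p + 2])[0]        # cipher_suites
    p += 1 + record[p]                                      # compression_methods
    ext_len = struct.unpack("!H", record[p:p + 2])[0]
    p += 2
    end = p + ext_len
    seen = {"sni": None, "ech": False, "extension_types": []}
    while p < end:
        etype, elen = struct.unpack("!HH", record[p:p + 4])
        data = record[p + 4:p + 4 + elen]
        p += 4 + elen
        seen["extension_types"].append(etype)
        if etype == EXT_SNI:                                # plaintext host name
            name_len = struct.unpack("!H", data[3:5])[0]
            seen["sni"] = data[5:5 + name_len].decode()
        elif etype == EXT_ECH:                              # inner hello is opaque here
            seen["ech"] = True
    return seen

def demo():
    plain = build_client_hello("secret.example")
    # Outer hello for ECH: only the public name is visible; payload is a placeholder.
    ech = build_client_hello("public.example", struct.pack("!HH", EXT_ECH, 8) + bytes(8))
    return observe_client_hello(plain), observe_client_hello(ech)
```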
This is great to see, and it should also mitigate against TLS client fingerprinting attacks. However, ESNI is blocked by nation-state censors like China so I expect the same to happen for ECH.
Is this needed with HTTP/3? As I understand it, with HTTP/3, the underlying QUIC transport provides the privacy guarantees that they’re building here. It looks as if Firefox supports HTTP/3.