1. 21
  2. 5

    tl;dr: we screwed up security the last few times, but we think we got it right this time.

    1. 5

      A bit more privacy than security, because, yes, privacy is a spectrum and folks are continuously trying to improve 🙂

      1. 4

        I do think it makes more sense than ESNI, which was just a patch. Encrypting the entire hello in retrospect simply covers everything.

      2. 2

        This is great to see, and it should also mitigate TLS client fingerprinting attacks. However, ESNI is blocked by nation-state censors like China, so I expect the same to happen for ECH.

        1. 1

          Is this needed with HTTP/3? As I understand it, with HTTP/3, the underlying QUIC transport provides the privacy guarantees that they’re building here. It looks as if Firefox supports HTTP/3.