Good-bye ESNI, hello ECH!


By Christopher Patton.

Most communication on the modern Internet is encrypted to ensure that its content is intelligible only to the endpoints, i.e., client and server. Encryption, however, requires a key and so the endpoints must agree on an encryption key without revealing the key to would-be attackers.

In this post we’ll dive into Encrypted Client Hello (ECH), a new extension for TLS that promises to significantly enhance the privacy of this critical Internet protocol. Today, a number of privacy-sensitive parameters of the TLS connection are negotiated in the clear. This leaves a trove of metadata available to network observers, including the endpoints’ identities, how they use the connection, and so on.

The TLS 1.3 handshake

Source: https://blog.cloudflare.com/encrypted-client-hello/

The article contains information on:

  • The story of TLS is the story of the Internet
  • Handshake encryption in TLS
  • Before ECH there was (and is!) ESNI
  • The ins and outs of ECH
  • The spectre of ossification

… and more. Ultimately, the goal of ECH is to ensure that TLS connections made to different origin servers behind the same ECH service provider are indistinguishable from one another.

The old TLS handshake is (unintentionally) leaky. Operational requirements of both the client and server have led to privacy-sensitive parameters, like SNI, being negotiated completely in the clear and available to network observers. Excellent and very detailed read!
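To make the leak concrete, here is an added example (written for this summary, not code from the Cloudflare post or its author) that builds a minimal TLS 1.3 ClientHello and parses it the way a passive observer on the wire would. The first ClientHello carries a plain SNI extension, so the observer reads the origin's name directly. The second carries a public "outer" SNI plus an ECH extension; the ECH payload is an opaque constructed blob rather than a real HPKE-sealed inner ClientHello, because the point is that the observer learns only the provider's public name and the fact that ECH is in use. The extension codepoint 0xfe0d is the one assigned in the draft-ietf-tls-esni specification; the host names and byte values are constructed test data.

```python
"""Parse a TLS ClientHello as a passive network observer sees it (added example)."""
import struct
from typing import Optional

EXT_SERVER_NAME = 0x0000             # server_name extension, RFC 6066
EXT_ENCRYPTED_CLIENT_HELLO = 0xFE0D  # encrypted_client_hello, draft-ietf-tls-esni codepoint


def _sni_extension(host: str) -> bytes:
    """Encode a server_name extension with a single host_name entry."""
    name = host.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name  # name_type = host_name (0)
    server_name_list = struct.pack("!H", len(entry)) + entry
    return struct.pack("!HH", EXT_SERVER_NAME, len(server_name_list)) + server_name_list


def build_client_hello(sni: str, ech_payload: Optional[bytes] = None) -> bytes:
    """Return a TLS record holding a minimal ClientHello (constructed test data)."""
    exts = _sni_extension(sni)
    if ech_payload is not None:
        # A real ECH extension holds the config id, the HPKE encapsulated key and the
        # AEAD-sealed inner ClientHello. Here it is an opaque blob: the observer cannot
        # read it either way, which is exactly what the example demonstrates.
        exts += struct.pack("!HH", EXT_ENCRYPTED_CLIENT_HELLO, len(ech_payload)) + ech_payload
    body = (
        b"\x03\x03"                            # legacy_version: TLS 1.2
        + bytes(32)                            # random: zeros (constructed)
        + b"\x00"                              # legacy_session_id: empty
        + struct.pack("!H", 2) + b"\x13\x01"   # cipher_suites: TLS_AES_128_GCM_SHA256
        + b"\x01\x00"                          # legacy_compression_methods: null
        + struct.pack("!H", len(exts)) + exts  # extensions
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def observe_client_hello(record: bytes) -> dict:
    """Extract only what cleartext reveals: the (outer) SNI and whether ECH is present."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello handshake record")
    p = 5 + 4 + 2 + 32                                       # record hdr, handshake hdr, version, random
    p += 1 + record[p]                                       # legacy_session_id
    p += 2 + struct.unpack("!H", record[p:p + 2])[0]         # cipher_suites
    p += 1 + record[p]                                       # legacy_compression_methods
    ext_len = struct.unpack("!H", record[p:p + 2])[0]
    p += 2
    end = p + ext_len
    seen = {"sni": None, "ech": False}
    while p < end:
        etype, elen = struct.unpack("!HH", record[p:p + 4])
        data = record[p + 4:p + 4 + elen]
        p += 4 + elen
        if etype == EXT_SERVER_NAME:
            # ServerNameList: 2-byte list length, then name_type(1), name length(2), name
            name_len = struct.unpack("!H", data[3:5])[0]
            seen["sni"] = data[5:5 + name_len].decode("ascii")
        elif etype == EXT_ENCRYPTED_CLIENT_HELLO:
            seen["ech"] = True
    return seen


if __name__ == "__main__":
    # Without ECH the origin's name is visible to anyone on the path.
    print(observe_client_hello(build_client_hello("origin.example")))
    # With ECH the outer SNI names only the provider; the real origin is inside the blob.
    print(observe_client_hello(build_client_hello("provider.example", ech_payload=bytes(48))))
```

The parser deliberately stops at the outer ClientHello, which is all a middlebox or passive monitor ever gets: with ECH, every connection to origins behind the same provider presents the same public name, which is the indistinguishability goal described above.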

