Harry SintonenMar 10

#RFC9849: TLS Encrypted Client Hello was published 2026-03-03. Now lets make servers and clients use it to improve #privacy for everyone.

https://datatracker.ietf.org/doc/rfc9849/

RFC 9849: TLS Encrypted Client Hello

This document describes a mechanism in Transport Layer Security (TLS) for encrypting a message under a server public key.

IETF Datatracker
Bruce Simpson, Ph.D.Mar 7
On the #IETF publishing #RFC9849 for TLS 1.3 Encrypted Client Hello (#ECH): Whilst #DNS-over-HTTPS (DoH) helps close some of the gaps left by ECH, it is not a panacea.
#Android 16's severe limitation of only allowing #DoH servers to be specified by fully-qualified domain name (#FQDN), and not plain IP addresses, negates much of the #privacy & #security advantages of DoH.
Thus your ISP can block access to those servers, by front-running the recursive #DNS needed to bootstrap its use.
Sami LehtinenMar 4
It’s finally out! Encrypted Client Hello (ECH) for encrypting web-site domains when connecting to a server. https://datatracker.ietf.org/doc/rfc9849/ #ECH #HTTPS #TLS #RFC9849
RFC 9849: TLS Encrypted Client Hello

This document describes a mechanism in Transport Layer Security (TLS) for encrypting a message under a server public key.

IETF Datatracker