Mozilla has announced plans to replace an earlier browser encryption technology with Encrypted Client Hello (ECH), starting with Firefox 85.
More specifically, Draft 8 of ECH offers a successor to the similar, but less sophisticated, Encrypted SNI (ESNI) technology, whose recently revealed shortcomings were deemed to make it unsuitable as a privacy technology.
“To address the shortcomings of ESNI, recent versions of the specification no longer encrypt only the SNI extension and instead encrypt an entire Client Hello message (thus the name change from ‘ESNI’ to ‘ECH’),” Mozilla explained in a blog post announcing its adoption of the technology.
You say goodbye…
Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) protocol that allows multiple secure websites to be served on the same IP address. The extension transmits the domain name of the website you want to visit in plaintext.
ESNI masks a server’s name so that ISPs or WiFi hotspot providers can’t infer a user’s surfing habits.
However, analysis has shown that encrypting only the SNI extension provides incomplete privacy protection for web users.
For example, “during session resumption, the Pre-Shared Key extension could, legally, contain a cleartext copy of exactly the same server name that is encrypted by ESNI”, Mozilla explained.
In addition, real-world attempts to deploy ESNI have run afoul of interoperability and deployment challenges that militate against its widespread usage.
… I say hello
ECH is far more than just a renamed update to ESNI. For example, ECH also adds a retry mechanism to increase reliability with respect to server key rotation and DNS caching.
Put simply, ECH encrypts the full handshake so that sensitive metadata is kept secret.
Used in conjunction, both ECH and DNS-over-HTTPS are aimed at offering end-to-end user privacy.
Mozilla is working with Cloudflare, an early adopter of the technology, and others on standardizing the Encrypted Client Hello specification at the Internet Engineering Task Force.
A blog post by Cloudflare provides a technical backgrounder on ECH.
An update to Draft 9 of the protocol (which is targeted for wider interoperability testing and deployment) is forthcoming, according to Mozilla.
The Daily Swig asked both Mozilla and Cloudflare for comment on how they were working together, as well as for a line on what challenges might arise when it comes to deploying ECH at scale. We’ll update this story as and when we hear more.
Firefox 85 is currently in beta and due for full rollout by the end of January.
Source: https://portswigger.net/daily-swig/encrypted-client-hello-upcoming-firefox-85-rollout-builds-momentum-for-esni-successor