Openssl

Using TLS ECH from Python

January 10, 2025

At first, the idea of encrypting more of the metadata found inside the initial packet (the “ClientHello”) of a TLS connection may seem …

Quick set up guide for Encrypted Client Hello (ECH)

November 10, 2023

The Encrypted Client Hello (ECH) mechanism draft-spec is a way to plug a few privacy-holes that remain in the Transport Layer Security (TLS) protocol …

DEfO - Developing ECH for OpenSSL (round two)

November 9, 2023

Encrypted ClientHello (ECH) plugs a privacy-hole in TLS, hiding previously visible details from network observers. The most important being the name …

IETF116 Conference Report: Tuesday March 28, 2023

March 29, 2023

Day Two of the 116th IETF meeting in Yokohama, Japan. For the rundown on Day One, see my daily report. The OHAI Working Group has submitted the core …

IETF: Year End Review 2021

December 23, 2021

In terms of potential impact on Internet Freedom, it’s been a banner year at the Internet Engineering Task Force (IETF). QUIC (featuring the improved …

Implementing TLS Encrypted Client Hello

November 30, 2021

As part of the DEfO project, we have been working on accelerating the development of Encrypted Client Hello (ECH) as standardized by the IETF. ECH is the …

Security in a thumb drive: the promise and pain of hardware security modules, take one!

March 28, 2014

Hardware Security Modules (aka Smartcards, chipcards, etc) provide a secure way to store and use cryptographic keys, while actually making the whole …