The Pros and Cons of Encrypted Client Hello

  5,970 views

Hussein Nasser

The Encrypted Client Hello, or ECH, is a new RFC that encrypts the TLS Client Hello to hide sensitive information like the SNI. In this video I go through the pros and cons of this new RFC.
0:00 Intro
2:00 SNI
4:00 Client Hello
8:40 Encrypted Client Hello
11:30 Inner Client Hello Encryption
18:00 Client-Facing Outer SNI
21:20 Decrypting Inner Client Hello
23:30 Disadvantages
26:00 Censorship vs Privacy ECH
blog.cloudflare.com/announcin...
chromestatus.com/feature/6196...
-Hussein

Comments: 26
@hnasr 9 months ago
Apologies about the echo, especially if you're listening with an earpiece. I replaced the carpet in my home with vinyl and I think I need to sound treat the room.
@ZeeshanAli-nk3xk 9 months ago
Haha, it's okay. It was good all along while using a laptop.
@skyhappy 9 months ago
Good choice, carpet is much harder to clean and looks worse.
@tojamura 9 months ago
"I've got nothing to hide" is a pretty naive way of looking at these things.
@silverpoision 9 months ago
Exactly
@abhijeetviswa 9 months ago
Agreed. Didn't expect this take on this video. Makes me want to skip it entirely since the reasoning behind the RFC isn't even being considered.
@Triplechomending 6 months ago
Did you actually listen to his entire take there? His take was not "I've got nothing to hide", his take was that when you do happen to be visiting normie websites (regardless of wherever else you may or may not visit) the added complexity becomes pointless and wasteful.
@theweirdamir 9 months ago
Iran's GFW (DPI) is using SNI filtering on Cloudflare to stop proxies on CF CDN.
@sarvagyadwivedi2467 9 months ago
Asked my packet sniffer about the latest SNI. Got a shrug and "it's complicated". Thanks ECH.
@fdm225 9 months ago
Question: why wouldn't the ISP, upon seeing the packet with the double client hello, just automatically return a server hello with their own crypto info so as to create a full proxy? At that point wouldn't they be able to see the eSNI that the sender is trying to protect?
@coyotatorolla 7 months ago
From my understanding, when the request gets to the server, the server tries to decrypt the inner hello with its private key. The server public key would be served to the client in the initial DNS over HTTP. And if the server can't decrypt the inner hello, it is left with the outer hello and it won't send the certificate. Or if the certificate is served by a different party other than the actual server, the client will close the connection. He is talking about it at minute 22:00.
@medazizchagour6750 9 months ago
Can you do a video on how to design databases (relational DB) in a microservice context?
@saman_729es 9 months ago
Great, we enjoy it.
@simo47768 9 months ago
Awesome explanation. I agree. Seems too complicated.
@ronaksuchak 9 months ago
This should be part of the HTTP protocol, but I don't think governments will let it be a reality.
@ivanrozhkov440 9 months ago
Absolutely love your videos! But for the love of God make yourself louder somehow. I cannot hear you properly, unless I'm in a quiet place or using ANC headphones.
@RK-ly5qj 9 months ago
You may not know, but some IPs are using dns:53 requests to offer ads or to sell such information about a particular user. Yes, it seems complicated, but it makes sense ;) You just decrease your footprint and the overall sniffing on you. Privacy is a very important thing today, and even look at some countries where privacy is an exotic thing to achieve :)
@autohmae 9 months ago
DoH or DoT are easy to do, it's just turning on a switch in unbound or dnsdist.
@mikestaub 9 months ago
I disagree it is overkill. This is a quantum leap for privacy if adopted on par with TOR.
@yes-ni1od 9 months ago
How to make a 5-minute read turn into a 30-minute YouTube video. Your content is dull and monotonous, you don't add anything to the original article.
@ZeeshanAli-nk3xk 9 months ago
That is very wrong to say. He explains a lot of stuff and adds on a lot of things... Please be respectful.
@yes-ni1od 9 months ago
@ZeeshanAli-nk3xk I am being respectful, especially to the people who might decide to purchase this guy's fake courses where he just blabbers on about content.
@stuzard 9 months ago
How to make a worthless comment. Your comment is impractical & unnecessary. Absolutely ridiculous!! I am a beginner & his explainer videos are a gem to catch up with the industry trends along with my studies. So, Hussein bhai, please keep up with the videos. Love it.
@ZeeshanAli-nk3xk 9 months ago
Again... really no truth in your reply. I took his course on Network Engineering. And I am glad I bought it. He not only taught the concepts you would learn in a particular course, but his way of thinking and his methodology have inspired me to work, think and act differently in my career. You might not like a thing or two, and it's okay to disagree on some aspects, but cancelling out and making these comments doesn't do anything good.
@niksatan 9 months ago
Dude, I agree 100% with you. This guy is not getting to the point, he just tells stories to newbies without respecting our time. He is not a teacher, he is preaching for clicks.