DigiNews

Summary

RFC 9849 defines TLS Encrypted Client Hello (ECH), which encrypts the sensitive parts of ClientHelloInner using HPKE and transmits an outer ClientHello containing the encrypted inner data. It outlines the ECHConfig format, client/server flow (including acceptance, rejection, and retry paths) and deployment modes (shared vs split), plus GREASE for deniability. The document also covers deployment considerations, security implications, and IANA registries for new TLS extension types.