Skip to main content

1. Introduction

1. Introduction

Encrypted ClientHello (ECH) [RFC9849] for TLS 1.3 [RFC8446] defines a confidentiality mechanism for server names and other ClientHello content in TLS. This requires publishing an ECHConfigList data structure in an HTTPS or SVCB resource record [RFC9460] in the DNS.

An ECHConfig contains the public component of a key pair, typically generated or regenerated by a key manager for a TLS server. TLS servers need to be configured to use these key pairs. Because servers can use different TLS libraries, a standard format for ECH key pairs and configurations is useful, similar to the formats defined by [RFC7468].