Property | ECH | Protected Initials | Version Aliasing |
---|---|---|---|
Fields Protected | Some of Client Hello | All Initial Payloads | All Initial Payloads |
Delay when server loses its keys | 1 RTT | 2 RTT | 2 RTT |
Works with TLS over TCP | Yes | No | No |
First-connection protection | Yes | Yes | No |
Prevents Initial packet injection attacks | No | Yes | Yes |
Symmetric Encryption Only | No | No | Yes |
Greases the Version Field | No | No | Yes |
Prevents Retry injection attacks | No | No | Yes |
No trial decryption | No | No | Yes |
Value | Parameter Name | Specification |
---|---|---|
TBD | public_key_failed | This document |
TBD | ECHConfig | This document |
TBD | initial_encryption_context | This document |