No video
The Pros and Cons of Encrypted Client Hello
Рет қаралды 6,089
Күн бұрынDiscovering Backend Bottlenecks: Unlocking Peak Performance
performance.hu...
The Encrypted Client Hello or ECH is a new RFC that encrypts the TLS client hello to hide sensitive information like the SNI. In this video I go through pros and cons of this new rfc.
0:00 Intro
2:00 SNI
4:00 Client Hello
8:40 Encrypted Client Hello
11:30 Inner Client Hello Encryption
18:00 Client-Facing Outer SNI
21:20 Decrypting Inner Client Hello
23:30 Disadvantages
26:00 Censorship vs Privacy ECH
blog.cloudflar...
chromestatus.c...
-Hussein
Fundamentals of Backend Engineering Design patterns udemy course (link redirects to udemy with coupon)
backend.hussei...
Fundamentals of Networking for Effective Backends udemy course (link redirects to udemy with coupon)
network.hussei...
Fundamentals of Database Engineering udemy course (link redirects to udemy with coupon)
database.husse...
Follow me on Medium
/ membership
Introduction to NGINX (link redirects to udemy with coupon)
nginx.husseinn...
Python on the Backend (link redirects to udemy with coupon)
python.hussein...
Become a Member on KZbin
/ @hnasr
Buy me a coffee if you liked this
www.buymeacoff...
Arabic Software Engineering Channel
/ @husseinnasser
🔥 Members Only Content
• Members-only videos
🏭 Backend Engineering Videos in Order
backend.hussei...
💾 Database Engineering Videos
• Database Engineering
🎙️Listen to the Backend Engineering Podcast
husseinnasser....
Gears and tools used on the Channel (affiliates)
🖼️ Slides and Thumbnail Design
Canva
partner.canva....
Stay Awesome,
Hussein
@hnasr 10 ай бұрын
apologies about the echo especially if your listening with air piece, replaced carpet in my home with vinyl and i think I need to sound treat the room.
@ZeeshanAli-nk3xk 10 ай бұрын
haha, its okay. it was good all along while using laptop.
@skyhappy 10 ай бұрын
Good choice, carpet is much harder to clean and looks worse
@tojamura 10 ай бұрын
"I've got nothing to hide" is a pretty naive way of looking at these things.
@silverpoision 10 ай бұрын
Exactly
@abhijeetviswa 10 ай бұрын
Agreed. Didn't expect this take on this video. Makes me want to skip it entirely since the reasoning behind the RFC isn't even being considered.
@Triplechomending 6 ай бұрын
Did you actually listen to his entire take there? His take was not "I've got nothing to hide", his take was that when you do happen to be visiting normie websites (regardless of wherever else you may or may not visit) the added complexity becomes pointless and wasteful
@theweirdamir 10 ай бұрын
Irans GFW(DPI) Iis using SNI filtering on cloudflare to stop proxys on CF CDN.
@sarvagyadwivedi2467 10 ай бұрын
Asked my packet sniffer about the latest SNI. Got a shrug and "it's complicated". Thanks ECH
@simo47768 10 ай бұрын
Awaome explanation. I agree. Seems too complicated.
@saman_729es 10 ай бұрын
Great we enjoy it
@medazizchagour6750 10 ай бұрын
Can you do a video on how to design databases (relational db) on a microservice contest?
@ronaksuchak 10 ай бұрын
This should be part of http protocol But I don't think governments will let it be a reality
@RK-ly5qj 10 ай бұрын
You may not know, but some IPs are using dns:53 requests to offer ADs or selling such information about particular user. Yes it seems complicated, but it has sense ;) you just decrease your footprint and overall sniffing over you. Privacy is a very important thing today, and even look for some countries where privacy is an exotic thing to achieve :)
@ivanrozhkov440 10 ай бұрын
Absolutely love your videos! But for the love of God make yourself louder somehow. I cannot hear you properly, unless I'm in a quiet place or using anc headphones.
@mikestaub 10 ай бұрын
I disagree it is overkill. This is a quantum leap for privacy is adopted on par with TOR
@autohmae 10 ай бұрын
DoH or DoT are easy to do, it's just turn on a switch in unbound or dnsdist
@fdm225 10 ай бұрын
Question, why wouldn't the ISP upon seeing the packet with the double client hello just automatically return a server hello with their own crypto info so as to create a fully proxy. At that point wouldn't they be able to see the eSNI that the sender is trying protect?
@coyotatorolla 7 ай бұрын
From my understanding when the request gets to the server the server tries to decrypt the inner hello with its private key. The server public key would be served to the client in the initial dns over http. And if the server can’t decrypt the inner hello it is left with the outter hello and it won’t send the certificate. Or if the certificate is served by a different party other then the actual server the client will close the connection. He is talking about it at minute 22:00
@yes-ni1od 10 ай бұрын
How to make a 5-minute read turn into a 30-minute youtube video. Your content is dull and monotonous, you don't add anything to the original article
@ZeeshanAli-nk3xk 10 ай бұрын
That is very wrong to say. He explains a lot of stuff and adds on a lot of things... please be respectful.
@yes-ni1od 10 ай бұрын
@@ZeeshanAli-nk3xk I am being respectful, especially to the people who might decide to purchase this guy's fake courses where he just blabbers on about content
@stuzard 10 ай бұрын
How to make a worthless comment. Your comment is impractical & unnecessary, Absolutely ridiculous !! I am a beginner & his explainer videos are a gem to catch up with the industry trends along with my studies. So, Hussein bhai, please keep up with the videos. Love it.
@ZeeshanAli-nk3xk 10 ай бұрын
Again... really no truth in your reply. I took his course on Network Engineering. And I am glad I bought it, he not only taught about the concepts you would learn in a particular course but his way of thinking, his methodology has inspired me to work, think and act differently in my career. You might not like a thing or two, it's okay to disagree on some aspects but cancelling out and making these comments doesn't do anything good.
@niksatan 10 ай бұрын
Dude I agree 100% with you, this guy is not going to the point, just tell stories to newbies without respecting out time. He is not teacher, he is preaching for clicks.
Sergio Outdoors
Рет қаралды 31 МЛН
SALEM EPISODES
Рет қаралды 829 М.
Deep dive on how static files are served with HTTP (kernel, sockets, file system, memory, zero copy)
Hussein Nasser
Рет қаралды 20 М.
BSides Cheltenham
Рет қаралды 379