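@comment{
  Internet-Draft draft-sullivan-tls-signed-ech-updates, version 00 (Work in Progress).
  The url and the key pin version 00 explicitly: Internet-Drafts are revised or
  expire, so a citation must name the exact revision it refers to rather than the
  unversioned draft page. Re-check the datatracker entry before relying on this
  revision's mechanism description; a later -NN may change it.

  Changes from the datatracker export: one field per line; author names in the
  unambiguous "Last, First" form; only the acronym ECH is brace-protected in the
  title instead of the whole title being double-braced (which would defeat the
  style's casing). All field values are otherwise unchanged.
}

@techreport{sullivan-tls-signed-ech-updates-00,
  author      = {Sullivan, Nick and Jackson, Dennis},
  title       = {Authenticated {ECH} Config Distribution and Rotation},
  type        = {Internet-Draft},
  number      = {draft-sullivan-tls-signed-ech-updates-00},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  year        = 2025,
  month       = oct,
  day         = 20,
  pagetotal   = 23,
  note        = {Work in Progress},
  url         = {https://datatracker.ietf.org/doc/draft-sullivan-tls-signed-ech-updates/00/},
  abstract    = {Encrypted ClientHello (ECH) requires clients to have the server's ECH configuration before connecting. Currently, when ECH fails, servers can send updated configurations but clients cannot authenticate them without a certificate for the public name, limiting deployment flexibility. This document specifies an authenticated ECH configuration update mechanism. Servers can deliver signed ECH configurations during the TLS handshake, allowing clients to authenticate and immediately use them for retry. The mechanism decouples ECH key distribution from transport, enabling the same signed configuration to work via DNS or TLS delivery.},
}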