<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>protocols &#8211; Noise</title>
	<atom:link href="https://noise.getoto.net/tag/protocols/feed/" rel="self" type="application/rss+xml" />
	<link>https://noise.getoto.net</link>
	<description>The collective thoughts of the interwebz</description>
	<lastBuildDate>Thu, 06 Nov 2025 14:00:00 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=6.8.2</generator>
	<item>
		<title>Async QUIC and HTTP/3 made easy: tokio-quiche is now open-source</title>
		<link>https://noise.getoto.net/2025/11/06/async-quic-and-http-3-made-easy-tokio-quiche-is-now-open-source/</link>
		
		<dc:creator><![CDATA[Mendes]]></dc:creator>
		<pubDate>Thu, 06 Nov 2025 14:00:00 +0000</pubDate>
				<category><![CDATA[Privacy]]></category>
		<category><![CDATA[protocols]]></category>
		<category><![CDATA[QUICHE]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=2afc2d65723e6cb6b2387624abbc8cdc</guid>

					<description><![CDATA[We’re excited to announce the open sourcing of tokio-quiche, our async QUIC library built on quiche and tokio. Relied upon in our services such as iCloud Private Relay and our next-generation Oxy-based proxies, tokio-quiche handles millions of HTTP/3 requests per second with low latency and high throughput.]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Defending QUIC from acknowledgement-based DDoS attacks</title>
		<link>https://noise.getoto.net/2025/10/29/defending-quic-from-acknowledgement-based-ddos-attacks/</link>
		
		<dc:creator><![CDATA[Apoorv Kothari]]></dc:creator>
		<pubDate>Wed, 29 Oct 2025 13:00:00 +0000</pubDate>
				<category><![CDATA[protocols]]></category>
		<category><![CDATA[QUIC]]></category>
		<category><![CDATA[research]]></category>
		<category><![CDATA[security]]></category>
		<category><![CDATA[vulnerabilities]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=d9c3956d5bb8890f8c2889755f12242f</guid>

					<description><![CDATA[We identified and patched two DDoS vulnerabilities in our QUIC implementation related to packet acknowledgements. Cloudflare customers were not affected. We examine the "Optimistic ACK" attack vector and our solution, which dynamically skips packet numbers to validate client behavior. ]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>New Cryptanalysis of the Fiat-Shamir Protocol</title>
		<link>https://noise.getoto.net/2025/09/09/new-cryptanalysis-of-the-fiat-shamir-protocol/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Tue, 09 Sep 2025 11:02:00 +0000</pubDate>
				<category><![CDATA[academic papers]]></category>
		<category><![CDATA[cryptanalysis]]></category>
		<category><![CDATA[hashes]]></category>
		<category><![CDATA[protocols]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=70685</guid>

					<description><![CDATA[<p>A couple of months ago, a <a href="https://eprint.iacr.org/2025/118">new paper</a> demonstrated some new attacks against the Fiat-Shamir transformation. <i>Quanta</i> published a <a href="https://www.quantamagazine.org/computer-scientists-figure-out-how-to-prove-lies-20250709/">good article</a> that explains the results.</p>
<p>This is a pretty exciting paper from a theoretical perspective, but I don’t see it leading to any practical real-world cryptanalysis. The fact that there are some weird circumstances that result in Fiat-Shamir insecurities isn’t new—many dozens of papers have been published about it since 1986. What this new result does is extend this known problem to slightly less weird (but still highly contrived) situations. But it’s a completely different matter to extend these sorts of attacks to “natural” situations...</p>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Web 3.0 Requires Data Integrity</title>
		<link>https://noise.getoto.net/2025/04/03/web-3-0-requires-data-integrity/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Thu, 03 Apr 2025 11:05:29 +0000</pubDate>
				<category><![CDATA[internet]]></category>
		<category><![CDATA[protocols]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<category><![CDATA[web]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=70082</guid>

					<description><![CDATA[<p>If you’ve ever taken a computer security class, you’ve probably learned about the three legs of computer security—confidentiality, integrity, and availability—known as the <a href="https://www.nist.gov/image/cia-triad">CIA triad</a>. When we talk about a system being secure, that’s what we’re referring to. All are important, but to different degrees in different contexts. In a world populated by artificial intelligence (AI) systems and artificial intelligent agents, integrity will be paramount.</p>
<p>What is data integrity? It’s ensuring that no one can modify data—that’s the security angle—but it’s much more than that. It encompasses accuracy, completeness, and quality of data—all over both time and space. It’s preventing accidental data loss; the “undo” button is a primitive integrity measure. It’s also making sure that data is accurate when it’s collected—that it comes from a trustworthy source, that nothing important is missing, and that it doesn’t change as it moves from format to format. The ability to restart your computer is another integrity measure...</p>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Pairwise Authentication of Humans</title>
		<link>https://noise.getoto.net/2025/02/10/pairwise-authentication-of-humans/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Mon, 10 Feb 2025 12:00:41 +0000</pubDate>
				<category><![CDATA[authentication]]></category>
		<category><![CDATA[protocols]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=69898</guid>

					<description><![CDATA[<p>Here’s an <a href="https://ksze.github.io/PeerAuth/">easy</a> system for two humans to remotely authenticate to each other, so they can be sure that neither are digital impersonations.</p>
<blockquote><p>To mitigate that risk, I have developed this simple solution where you can setup a unique time-based one-time passcode (TOTP) between any pair of persons.</p>
<p>This is how it works:</p>
<ol>
<li>Two people, Person A and Person B, sit in front of the same computer and open this page;
</li><li>They input their respective names (e.g. Alice and Bob) onto the same page, and click “Generate”;
</li><li>The page will generate two TOTP QR codes, one for Alice and one for Bob;
...</li></ol></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Open sourcing h3i: a command line tool and library for low-level HTTP/3 testing and debugging</title>
		<link>https://noise.getoto.net/2024/12/30/open-sourcing-h3i-a-command-line-tool-and-library-for-low-level-http-3-testing-and-debugging/</link>
		
		<dc:creator><![CDATA[Lucas Pardue]]></dc:creator>
		<pubDate>Mon, 30 Dec 2024 14:00:00 +0000</pubDate>
				<category><![CDATA[HTTP3]]></category>
		<category><![CDATA[protocols]]></category>
		<category><![CDATA[QUIC]]></category>
		<category><![CDATA[Rust]]></category>
		<category><![CDATA[testing]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=1f8ad0f3f236452b2ce52757a2b53bc8</guid>

					<description><![CDATA[h3i is a command line tool and Rust library designed for low-level testing and debugging of HTTP/3, which runs over QUIC.]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Security Analysis of the MERGE Voting Protocol</title>
		<link>https://noise.getoto.net/2024/11/25/security-analysis-of-the-merge-voting-protocol/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Mon, 25 Nov 2024 12:09:05 +0000</pubDate>
				<category><![CDATA[academic papers]]></category>
		<category><![CDATA[darpa]]></category>
		<category><![CDATA[protocols]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<category><![CDATA[voting]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=69616</guid>

					<description><![CDATA[<p>Interesting analysis: <a href="https://arxiv.org/pdf/2411.11796">An Internet Voting System Fatally Flawed in Creative New Ways</a>.</p>
<blockquote><p><b>Abstract:</b> The recently published “MERGE” protocol is designed to be used in the prototype CAC-vote system. The voting kiosk and protocol transmit votes over the internet and then transmit voter-verifiable paper ballots through the mail. In the MERGE protocol, the votes transmitted over the internet are used to tabulate the results and determine the winners, but audits and recounts use the paper ballots that arrive in time. The enunciated motivation for the protocol is to allow (electronic) votes from overseas military voters to be included in preliminary results before a (paper) ballot is received from the voter. MERGE contains interesting ideas that are not inherently unsound; but to make the system trustworthy—to apply the MERGE protocol—would require major changes to the laws, practices, and technical and logistical abilities of U.S. election jurisdictions. The gap between theory and practice is large and unbridgeable for the foreseeable future. Promoters of this research project at DARPA, the agency that sponsored the research, should acknowledge that MERGE is internet voting (election results rely on votes transmitted over the internet except in the event of a full hand count) and refrain from claiming that it could be a component of trustworthy elections without sweeping changes to election law and election administration throughout the U.S...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>RADIUS Vulnerability</title>
		<link>https://noise.getoto.net/2024/07/10/radius-vulnerability/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Wed, 10 Jul 2024 14:42:11 +0000</pubDate>
				<category><![CDATA[academic papers]]></category>
		<category><![CDATA[authentication]]></category>
		<category><![CDATA[man-in-the-middle attacks]]></category>
		<category><![CDATA[protocols]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<category><![CDATA[vulnerabilities]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=69136</guid>

					<description><![CDATA[<p><a href="https://www.blastradius.fail/">New attack</a> against the RADIUS authentication protocol:</p>
<blockquote><p>The Blast-RADIUS attack allows a man-in-the-middle attacker between the RADIUS client and server to forge a valid protocol accept message in response to a failed authentication request. This forgery could give the attacker access to network devices and services without the attacker guessing or brute forcing passwords or shared secrets. The attacker does not learn user credentials.</p></blockquote>
<p>This is one of those vulnerabilities that comes with a cool name, its own website, and a logo.</p>
<p>News <a href="https://www.bleepingcomputer.com/news/security/new-blast-radius-attack-bypasses-widely-used-radius-authentication/">article</a>. Research ...</p>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Maybe the Phone System Surveillance Vulnerabilities Will Be Fixed</title>
		<link>https://noise.getoto.net/2024/04/05/maybe-the-phone-system-surveillance-vulnerabilities-will-be-fixed/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Fri, 05 Apr 2024 11:00:42 +0000</pubDate>
				<category><![CDATA[infrastructure]]></category>
		<category><![CDATA[phones]]></category>
		<category><![CDATA[protocols]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<category><![CDATA[vulnerabilities]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=68724</guid>

					<description><![CDATA[<p>It seems that the FCC might be <a href="https://www.theregister.com/AMP/2024/04/02/fcc_ss7_security/">fixing the vulnerabilities</a> in SS7 and the Diameter protocol:</p>
<blockquote><p>On March 27 the commission asked telecommunications providers to weigh in and detail what they are doing to prevent SS7 and Diameter vulnerabilities from being misused to track consumers’ locations.</p>
<p>The FCC has also asked carriers to detail any exploits of the protocols since 2018. The regulator wants to know the date(s) of the incident(s), what happened, which vulnerabilities were exploited and with which techniques, where the location tracking occurred, and ­ if known ­ the attacker’s identity...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>connect() &#8211; why are you so slow?</title>
		<link>https://noise.getoto.net/2024/02/08/connect-why-are-you-so-slow/</link>
		
		<dc:creator><![CDATA[Frederick Lawler http://blog.cloudflare.com/author/frederick/]]></dc:creator>
		<pubDate>Thu, 08 Feb 2024 14:00:27 +0000</pubDate>
				<category><![CDATA[deep dive]]></category>
		<category><![CDATA[IPv4]]></category>
		<category><![CDATA[ipv6]]></category>
		<category><![CDATA[linux]]></category>
		<category><![CDATA[Network]]></category>
		<category><![CDATA[Performance]]></category>
		<category><![CDATA[protocols]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=385532496572903165afc3a0369621d9</guid>

					<description><![CDATA[This is our story of what we learned about the connect() implementation for TCP in Linux. Both its strong and weak points. How connect() latency changes under pressure, and how to open connection so that the syscall latency is deterministic and time-bound]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Security Analysis of a Thirteenth-Century Venetian Election Protocol</title>
		<link>https://noise.getoto.net/2023/12/06/security-analysis-of-a-thirteenth-century-venetian-election-protocol/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Wed, 06 Dec 2023 18:18:11 +0000</pubDate>
				<category><![CDATA[academic papers]]></category>
		<category><![CDATA[cybersecurity]]></category>
		<category><![CDATA[history of security]]></category>
		<category><![CDATA[Italy]]></category>
		<category><![CDATA[protocols]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<category><![CDATA[voting]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=68170</guid>

					<description><![CDATA[<p>Interesting <a href="https://www.hpl.hp.com/techreports/2007/HPL-2007-28R1.html">analysis</a>:</p>
<blockquote><p>This paper discusses the protocol used for electing the Doge of Venice between 1268 and the end of the Republic in 1797. We will show that it has some useful properties that in addition to being interesting in themselves, also suggest that its fundamental design principle is worth investigating for application to leader election protocols in computer science. For example, it gives some opportunities to minorities while ensuring that more popular candidates are more likely to win, and offers some resistance to corruption of voters...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Cloudflare’s commitment to the 2023 Summit for Democracy</title>
		<link>https://noise.getoto.net/2023/03/28/cloudflares-commitment-to-the-2023-summit-for-democracy/</link>
		
		<dc:creator><![CDATA[Patrick Day]]></dc:creator>
		<pubDate>Tue, 28 Mar 2023 13:00:00 +0000</pubDate>
				<category><![CDATA[Human Rights]]></category>
		<category><![CDATA[Internet Shutdown]]></category>
		<category><![CDATA[post quantum]]></category>
		<category><![CDATA[Privacy]]></category>
		<category><![CDATA[Project Galileo]]></category>
		<category><![CDATA[protocols]]></category>
		<category><![CDATA[United States]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=461d304e15d7a8c700e013524f874256</guid>

					<description><![CDATA[Cloudflare is proud to participate in and contribute commitments to the 2023 Summit Summit for Democracy because we believe that everyone should have access to an Internet that is faster, more reliable, more private, and more secure]]></description>
		
		
		<enclosure url="http://blog.cloudflare.com/content/images/2023/03/image1-52.png" length="0" type="" />

			</item>
		<item>
		<title>Privacy Gateway: a privacy preserving proxy built on Internet standards</title>
		<link>https://noise.getoto.net/2022/10/27/privacy-gateway-a-privacy-preserving-proxy-built-on-internet-standards/</link>
		
		<dc:creator><![CDATA[Mari Galicer]]></dc:creator>
		<pubDate>Thu, 27 Oct 2022 13:01:00 +0000</pubDate>
				<category><![CDATA[Privacy]]></category>
		<category><![CDATA[protocols]]></category>
		<category><![CDATA[standards]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=07e8a7f5dee974bc1f21cec8ccff069c</guid>

					<description><![CDATA[Privacy Gateway enables privacy-forward applications to use Cloudflare as a trusted Relay, limiting which identifying information, including IP addresses, is visible to their infrastructure]]></description>
		
		
		<enclosure url="http://blog.cloudflare.com/content/images/2022/10/image2-13.png" length="0" type="" />

			</item>
		<item>
		<title>Cloudflare and the IETF</title>
		<link>https://noise.getoto.net/2021/10/13/cloudflare-and-the-ietf/</link>
		
		<dc:creator><![CDATA[Jonathan Hoyland]]></dc:creator>
		<pubDate>Wed, 13 Oct 2021 12:59:37 +0000</pubDate>
				<category><![CDATA[IETF]]></category>
		<category><![CDATA[protocols]]></category>
		<category><![CDATA[research]]></category>
		<category><![CDATA[standards]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=2cbbcfce361126361184b4467663de61</guid>

					<description><![CDATA[Cloudflare helps build a better Internet through collaboration on open and interoperable standards. This post will describe how Cloudflare contributes to the standardization process to enable incremental innovation and drive long-term architectural change.]]></description>
		
		
		<enclosure url="https://blog.cloudflare.com/content/images/2021/10/Mask-Group--1--3.png" length="0" type="" />

			</item>
		<item>
		<title>Exported Authenticators: The long road to RFC</title>
		<link>https://noise.getoto.net/2021/10/13/exported-authenticators-the-long-road-to-rfc/</link>
		
		<dc:creator><![CDATA[Jonathan Hoyland]]></dc:creator>
		<pubDate>Wed, 13 Oct 2021 12:59:28 +0000</pubDate>
				<category><![CDATA[Cryptography]]></category>
		<category><![CDATA[IEFT]]></category>
		<category><![CDATA[protocols]]></category>
		<category><![CDATA[research]]></category>
		<category><![CDATA[TLS]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=44a2083abdc1cdb7970126a1e70e1c79</guid>

					<description><![CDATA[Learn more about Exported Authenticators, a new extension to TLS, currently going through the IETF standardisation process.]]></description>
		
		
		<enclosure url="https://blog.cloudflare.com/content/images/2021/10/image3-21.png" length="0" type="" />

			</item>
		<item>
		<title>Handshake Encryption: Endgame (an ECH update)</title>
		<link>https://noise.getoto.net/2021/10/12/handshake-encryption-endgame-an-ech-update/</link>
		
		<dc:creator><![CDATA[Christopher Wood]]></dc:creator>
		<pubDate>Tue, 12 Oct 2021 12:59:22 +0000</pubDate>
				<category><![CDATA[Privacy]]></category>
		<category><![CDATA[protocols]]></category>
		<category><![CDATA[research]]></category>
		<category><![CDATA[security]]></category>
		<category><![CDATA[TLS]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=39e2cfbdce968175dff7c903103ba2f7</guid>

					<description><![CDATA[In this post, we’ll dig into ECH details and describe what this protocol does to move the needle to help build a better Internet.]]></description>
		
		
		<enclosure url="https://blog.cloudflare.com/content/images/2021/10/Enrypted-Client-Hello.png" length="0" type="" />

			</item>
		<item>
		<title>Oblivious DNS-over-HTTPS</title>
		<link>https://noise.getoto.net/2020/12/08/oblivious-dns-over-https/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Tue, 08 Dec 2020 21:02:08 +0000</pubDate>
				<category><![CDATA[academic papers]]></category>
		<category><![CDATA[anonymity]]></category>
		<category><![CDATA[DNS]]></category>
		<category><![CDATA[https]]></category>
		<category><![CDATA[protocols]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=60547</guid>

					<description><![CDATA[<p>This <a href="https://techcrunch.com/2020/12/08/cloudflare-and-apple-design-a-new-privacy-friendly-internet-protocol/">new protocol</a>, called Oblivious DNS-over-HTTPS (ODoH), hides the websites you visit from your ISP.</p>
<blockquote><p>Here&#8217;s how it works: ODoH wraps a layer of encryption around the DNS query and passes it through a proxy server, which acts as a go-between the internet user and the website they want to visit. Because the DNS query is encrypted, the proxy can&#8217;t see what&#8217;s inside, but acts as a shield to prevent the DNS resolver from seeing who sent the query to begin with.</p></blockquote>
<p>IETF <a href="https://tools.ietf.org/html/draft-pauly-dprive-oblivious-doh-02">memo</a>.</p>
<p>The <a href="https://arxiv.org/pdf/2011.10121.pdf">paper</a>:</p>
<blockquote><p><b>Abstract:</b> The Domain Name System (DNS) is the foundation of a human-usable Internet, responding to client queries for host-names with corresponding IP addresses and records. Traditional DNS is also unencrypted, and leaks user information to network operators. Recent efforts to secure DNS using DNS over TLS (DoT) and DNS over HTTPS (DoH) havebeen gaining traction, ostensibly protecting traffic and hiding content from on-lookers. However, one of the criticisms ofDoT and DoH is brought to bear by the small number of large-scale deployments (e.g., Comcast, Google, Cloudflare): DNS resolvers can associate query contents with client identities in the form of IP addresses. Oblivious DNS over HTTPS (ODoH) safeguards against this problem. In this paper we ask what it would take to make ODoH practical? We describe ODoH, a practical DNS protocol aimed at resolving this issue by both protecting the client&#8217;s content and identity. We implement and deploy the protocol, and perform measurements to show that ODoH has comparable performance to protocols like DoH and DoT which are gaining widespread adoption,while improving client privacy, making ODoH a practical privacy enhancing replacement for the usage of DNS...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Good-bye ESNI, hello ECH!</title>
		<link>https://noise.getoto.net/2020/12/08/good-bye-esni-hello-ech/</link>
		
		<dc:creator><![CDATA[Christopher Patton]]></dc:creator>
		<pubDate>Tue, 08 Dec 2020 12:00:00 +0000</pubDate>
				<category><![CDATA[DNS]]></category>
		<category><![CDATA[Privacy]]></category>
		<category><![CDATA[Privacy Week]]></category>
		<category><![CDATA[protocols]]></category>
		<category><![CDATA[research]]></category>
		<category><![CDATA[TLS]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=efd2186767a083b71b64d14adb69d5a8</guid>

					<description><![CDATA[A deep dive into the Encrypted Client Hello, a standard that encrypts privacy-sensitive parameters sent by the client, as part of the TLS handshake.]]></description>
		
		
		<enclosure url="https://blog.cloudflare.com/content/images/2020/12/Good-bye-ESNI--hello-ECH-blog-header-1.png" length="0" type="" />

			</item>
		<item>
		<title>OPAQUE: The Best Passwords Never Leave your Device</title>
		<link>https://noise.getoto.net/2020/12/08/opaque-the-best-passwords-never-leave-your-device/</link>
		
		<dc:creator><![CDATA[Tatiana Bradley]]></dc:creator>
		<pubDate>Tue, 08 Dec 2020 12:00:00 +0000</pubDate>
				<category><![CDATA[PAKE]]></category>
		<category><![CDATA[passwords]]></category>
		<category><![CDATA[Privacy Week]]></category>
		<category><![CDATA[protocols]]></category>
		<category><![CDATA[research]]></category>
		<category><![CDATA[security]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=9487e69f32f45efe823f90716408a861</guid>

					<description><![CDATA[Imagine passwords for online services that never leave your device, encrypted or otherwise. OPAQUE is a new cryptographic protocol that makes this idea possible, giving you and only you full control of your password.]]></description>
		
		
		<enclosure url="https://blog.cloudflare.com/content/images/2020/12/Opaque-Header.png" length="0" type="" />

			</item>
	</channel>
</rss>

<!--
Performance optimized by W3 Total Cache. Learn more: https://www.boldgrid.com/w3-total-cache/

Object Caching 49/364 objects using Memcached
Page Caching using Disk: Enhanced 
Lazy Loading (feed)
Database Caching using Memcached

Served from: noise.getoto.net @ 2025-12-08 13:47:10 by W3 Total Cache
-->