Encrypted ClientHello - lessons learned from trying to do something that was probably too complicated

Stephen has been implementing the Encrypted Client Hello (ECH) mechanism being developed in the IETF TLS working group and attempting to get code for that upstreamed into the library. The first part of that (HPKE) landed in late 2022 after an extended PR discussion. Remaining ECH functionality is even more complex and affects many parts of the TLS code and is in the process of being upstreamed into a feature branch. The talk will review some of the many reasons why attempting this turns out to be challenging, but will also argue that the project would be wise to strive to decrease the difficulty of (some but not all) activities like this.