Issues and Requirements for SNI Encryption in TLS
draft-ietf-tls-sni-encryption-03

The information below is for an old version of the document
Document Type Expired Internet-Draft (tls WG)
Authors Christian Huitema, Eric Rescorla
Last updated 2018-11-21 (latest revision 2018-05-20)
Replaces draft-huitema-tls-sni-encryption
Stream IETF
Intended RFC status Informational
WG state Waiting for WG Chair Go-Ahead, Revised I-D Needed - Issue raised by WGLC
Document shepherd Joseph Salowey
IESG state Expired
Consensus Boilerplate Unknown
Responsible AD (None)
Send notices to Sean Turner <sean@sn3rd.com>, Joseph Salowey <joe@salowey.net>

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-ietf-tls-sni-encryption-03.txt

Abstract

This draft describes the general problem of encryption of the Server Name Identification (SNI) parameter. The proposed solutions hide a Hidden Service behind a Fronting Service, only disclosing the SNI of the Fronting Service to external observers. The draft lists known attacks against SNI encryption, discusses the current "co-tenancy fronting" solution, and presents requirements for future TLS layer solutions.

Authors

Christian Huitema (huitema@huitema.net)
Eric Rescorla (ekr@rtfm.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)