
Last Call Review of draft-ietf-tls-sni-encryption-05
review-ietf-tls-sni-encryption-05-opsdir-lc-romascanu-2019-08-20-00

Request: Review of draft-ietf-tls-sni-encryption
Requested revision: No specific revision (document currently at 09)
Type: Last Call Review
Team: Ops Directorate (opsdir)
Deadline: 2019-09-02
Requested: 2019-08-19
Authors: Christian Huitema, Eric Rescorla
I-D last updated: 2019-08-20
Completed reviews: Opsdir Last Call review of -05 by Dan Romascanu; Genart Last Call review of -05 by Meral Shirazipour; Tsvart Telechat review of -05 by Dr. Bernard D. Aboba
Assignment: Reviewer Dan Romascanu
State: Completed
Request: Last Call review on draft-ietf-tls-sni-encryption by Ops Directorate Assigned
Posted at: https://mailarchive.ietf.org/arch/msg/ops-dir/3ShA_FTDXCE39wEnzMoLulfUNDc
Reviewed revision: 05 (document currently at 09)
Result: Ready
Completed: 2019-08-20
This document targets Informational status. It is Ready from an OPS-DIR
perspective and it offers valuable information for operators deploying TLS. It
does not define a new protocol, thus a full RFC 5706 OPS-DIR review does not
apply. It does however raise a number of operational issues in the deployment
of multiplexed servers that rely on the Service Name Information (SNI) TLS
extension, which is a protocol element transmitted in clear text. Section 3
details the different types of attacks and lists encryption requirements for SNI
that would prevent these, but notes that not all can be simultaneously met by
implementations and deployments. Section 4 describes the HTTP Co-Tenancy
Fronting as a solution that could be deployed in the absence of TLS-level SNI
encryption. The HTTP fronting solution can be deployed without modification to
the TLS protocol, and does not require using any specific version of TLS.
There are however a few issues regarding discovery, client implementations,
trust, and applicability which are further discussed. Operators should note
that Section 5 states that 'The current HTTP based solutions described in
Section 4 only meet some of these requirements. In practice, it may well be
that no solution can meet every requirement, and that practical solutions will
have to make some compromises.'
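The review's central operational point is that the SNI extension travels in clear text inside the TLS ClientHello, so any on-path device (a load balancer, a monitoring tap, a middlebox) can read the requested host name before any key exchange has happened. The following added example, which is not part of the review or of the draft, makes that concrete: it constructs a minimal ClientHello carrying one SNI entry and then parses the host name back out of the raw record bytes, the same way a passive observer or a network sensor would. The record layout follows the TLS handshake format (record header, handshake header, client_version, random, session_id, cipher_suites, compression_methods, extensions); the random bytes, cipher suite and host name are constructed sample values.

```python
"""Extract the Server Name Indication (SNI) host name from a raw TLS ClientHello.

Added example, not code from the reviewed draft. The ClientHello built here
is a constructed sample, not a captured packet.
"""
import struct
from typing import Optional

SNI_EXTENSION_TYPE = 0x0000  # extension_type for server_name (RFC 6066)
HOST_NAME_TYPE = 0x00        # NameType host_name inside the server_name list


def build_client_hello(host: str) -> bytes:
    """Construct a minimal TLS ClientHello record with a single SNI entry."""
    name = host.encode("ascii")
    # ServerNameList: one entry of type host_name
    sni_entry = bytes([HOST_NAME_TYPE]) + struct.pack("!H", len(name)) + name
    sni_ext = struct.pack("!H", len(sni_entry)) + sni_entry
    extensions = struct.pack("!HH", SNI_EXTENSION_TYPE, len(sni_ext)) + sni_ext
    body = (
        b"\x03\x03"                               # client_version: TLS 1.2 wire value
        + b"\x11" * 32                            # random (constructed, fixed bytes)
        + b"\x00"                                 # session_id: empty
        + struct.pack("!H", 2) + b"\x13\x01"      # cipher_suites: TLS_AES_128_GCM_SHA256
        + b"\x01\x00"                             # compression_methods: null only
        + struct.pack("!H", len(extensions)) + extensions
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_sni(record: bytes) -> Optional[str]:
    """Return the host_name from the SNI extension, or None if the record is not a
    well-formed ClientHello or carries no SNI. No decryption is needed: this is
    exactly what a passive observer on the path sees."""
    if len(record) < 5 or record[0] != 0x16:        # 0x16 = handshake content type
        return None
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:                # 0x01 = client_hello
        return None
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) != hs_len:                         # truncated record
        return None
    pos = 2 + 32                                    # skip client_version and random
    try:
        sid_len = body[pos]
        pos += 1 + sid_len                          # skip session_id
        cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2 + cs_len                           # skip cipher_suites
        cm_len = body[pos]
        pos += 1 + cm_len                           # skip compression_methods
        if pos >= len(body):
            return None                             # no extensions block at all
        ext_len = struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        end = pos + ext_len
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            pos += 4
            edata = body[pos:pos + elen]
            pos += elen
            if etype != SNI_EXTENSION_TYPE:
                continue
            list_len = struct.unpack("!H", edata[0:2])[0]
            p = 2
            while p + 3 <= 2 + list_len:
                ntype = edata[p]
                nlen = struct.unpack("!H", edata[p + 1:p + 3])[0]
                p += 3
                nval = edata[p:p + nlen]
                p += nlen
                if ntype == HOST_NAME_TYPE and len(nval) == nlen:
                    return nval.decode("ascii")
    except (IndexError, struct.error):
        return None                                 # malformed lengths
    return None


if __name__ == "__main__":
    sample = build_client_hello("example.com")      # constructed sample host name
    print(len(sample), "bytes on the wire; SNI =", extract_sni(sample))
```

The parser deliberately tolerates only well-formed input and returns None on anything truncated or inconsistent, which is the behaviour a sensor should have so that a malformed ClientHello is reported as "no SNI observed" rather than crashing the collector. The same routine, fed a ClientHello produced by any of the SNI-encryption designs the draft discusses, would return either nothing or a fronting name rather than the real origin, which is the property those designs aim for.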