The main change in the new version of this draft is the addition of "multi-protocol" requirements. Namely, hiding the SNI should also work for protocols like DTLS or QUIC. Then, it would be nice if we could also hide the ALPN, but that's somewhat less critical. After all, we could run every application over h2...
-- Christian Huitema -------- Forwarded Message -------- Subject: New Version Notification for draft-ietf-tls-sni-encryption-01.txt Date: Mon, 19 Feb 2018 12:01:18 -0800 From: internet-dra...@ietf.org To: Christian Huitema <huit...@huitema.net>, Eric Rescorla <e...@rtfm.com> A new version of I-D, draft-ietf-tls-sni-encryption-01.txt has been successfully submitted by Christian Huitema and posted to the IETF repository. Name: draft-ietf-tls-sni-encryption Revision: 01 Title: SNI Encryption in TLS Through Tunneling Document date: 2018-02-18 Group: tls Pages: 22 URL: https://www.ietf.org/internet-drafts/draft-ietf-tls-sni-encryption-01.txt Status: https://datatracker.ietf.org/doc/draft-ietf-tls-sni-encryption/ Htmlized: https://tools.ietf.org/html/draft-ietf-tls-sni-encryption-01 Htmlized: https://datatracker.ietf.org/doc/html/draft-ietf-tls-sni-encryption-01 Diff: https://www.ietf.org/rfcdiff?url2=draft-ietf-tls-sni-encryption-01 Abstract: This draft describes the general problem of encryption of the Server Name Identification (SNI) parameter. The proposed solutions hide a Hidden Service behind a Fronting Service, only disclosing the SNI of the Fronting Service to external observers. The draft starts by listing known attacks against SNI encryption, discusses the current "co-tenancy fronting" solution, and then presents two potential TLS layer solutions that might mitigate these attacks. The first solution is based on TLS in TLS "quasi tunneling", and the second solution is based on "combined tickets". These solutions only require minimal extensions to the TLS protocol. Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. The IETF Secretariat
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls