A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Transport Layer Security WG of the IETF.
Title : SNI Encryption in TLS Through Tunneling
Authors : Christian Huitema
Filename : draft-ietf-tls-sni-encryption-01.txt
Pages : 22
Date : 2018-02-19
This draft describes the general problem of encryption of the Server
Name Identification (SNI) parameter. The proposed solutions hide a
Hidden Service behind a Fronting Service, only disclosing the SNI of
the Fronting Service to external observers. The draft starts by
listing known attacks against SNI encryption, discusses the current
"co-tenancy fronting" solution, and then presents two potential TLS
layer solutions that might mitigate these attacks.
The first solution is based on TLS in TLS "quasi tunneling", and the
second solution is based on "combined tickets". These solutions only
require minimal extensions to the TLS protocol.
The IETF datatracker status page for this draft is:
There are also htmlized versions available at:
A diff from the previous version is available at:
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
Internet-Drafts are also available by anonymous FTP at:
TLS mailing list