SNI Encryption in TLS Through Tunneling
draft-huitema-tls-sni-encryption-02
Document | Type |
Replaced Internet-Draft
(tls WG)
Expired & archived
|
|
---|---|---|---|
Authors | Christian Huitema , Eric Rescorla | ||
Last updated | 2017-07-20 (Latest revision 2017-07-03) | ||
Replaced by | draft-ietf-tls-sni-encryption | ||
RFC stream | Internet Engineering Task Force (IETF) | ||
Intended RFC status | (None) | ||
Formats | |||
Additional resources | Mailing list discussion | ||
Stream | WG state | Candidate for WG Adoption | |
Document shepherd | (None) | ||
IESG | IESG state | Replaced by draft-ietf-tls-sni-encryption | |
Consensus boilerplate | Unknown | ||
Telechat date | (None) | ||
Responsible AD | (None) | ||
Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
This draft describes the general problem of encryption of the Server Name Identification (SNI) parameter. The proposed solutions hide a Hidden Service behind a Fronting Service, only disclosing the SNI of the Fronting Service to external observers. The draft starts by listing known attacks against SNI encryption, discusses the current "co-tenancy fronting" solution, and then presents two potential TLS layer solutions that might mitigate these attacks. The first solution is based on TLS in TLS "quasi tunneling", and the second solution is based on "combined tickets". These solutions only require minimal extensions to the TLS protocol.
Authors
Christian Huitema
Eric Rescorla
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)