Issues and Requirements for SNI Encryption in TLS

The information below is for an old version of the document
Document Type Expired Internet-Draft (tls WG)
Authors Christian Huitema, Eric Rescorla
Last updated 2018-11-21 (latest revision 2018-05-20)
Replaces draft-huitema-tls-sni-encryption
Stream Internet Engineering Task Force (IETF)
Expired & archived
Stream WG state Waiting for WG Chair Go-Ahead
Revised I-D Needed - Issue raised by WGLC
Document shepherd Joseph Salowey
IESG IESG state Expired
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to Sean Turner, Joseph Salowey

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This draft describes the general problem of encryption of the Server Name Identification (SNI) parameter. The proposed solutions hide a Hidden Service behind a Fronting Service, only disclosing the SNI of the Fronting Service to external observers. The draft lists known attacks against SNI encryption, discusses the current "co-tenancy fronting" solution, and presents requirements for future TLS layer solutions.


Christian Huitema
Eric Rescorla

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)