Issues and Requirements for Server Name Identification Encryption in TLS
RFC 8744, “Issues and Requirements for Server Name Identification Encryption in TLS”, is an Informational document published in July 2020 by C. Huitema. The canonical text is published by the RFC Editor.
Abstract
This document describes the general problem of encrypting the Server Name Identification (SNI) TLS parameter. The proposed solutions hide a hidden service behind a fronting service, only disclosing the SNI of the fronting service to external observers. This document lists known attacks against SNI encryption, discusses the current "HTTP co-tenancy" solution, and presents requirements for future TLS-layer solutions.
In practice, it may well be that no solution can meet every requirement and that practical solutions will have to make some compromises.
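The following is an added example, not text or code from RFC 8744 itself. It shows the problem the document starts from and the "HTTP co-tenancy" workaround it discusses: a passive observer can read the server_name extension straight out of the cleartext ClientHello, so with a direct connection the hidden service's name is exposed before any key is agreed. With fronting, the ClientHello names only the fronting service and the hidden service's name rides in the HTTP Host header, which is encrypted on the wire. The host names and the simulated "after decryption" hand-off are constructed for illustration; the TLS key exchange itself is not modelled.

```python
"""Added example (not from RFC 8744): cleartext SNI versus HTTP co-tenancy
fronting. Host names below are constructed, not real services."""
import os
import struct
from typing import Optional

HIDDEN = "hidden.example"      # constructed: the service the client wants
FRONTING = "fronting.example"  # constructed: the co-tenant fronting service


def build_client_hello(server_name: str) -> bytes:
    """Minimal TLS record carrying a ClientHello with one server_name entry
    (RFC 6066 format: ServerNameList of host_name entries)."""
    host = server_name.encode("ascii")
    sni_entry = b"\x00" + struct.pack("!H", len(host)) + host   # name_type 0
    sni_ext = (struct.pack("!HH", 0x0000, len(sni_entry) + 2)
               + struct.pack("!H", len(sni_entry)) + sni_entry)
    sv_ext = struct.pack("!HH", 0x002B, 3) + b"\x02\x03\x04"  # TLS 1.3 only
    extensions = sni_ext + sv_ext
    body = (
        b"\x03\x03"                                   # legacy_version
        + os.urandom(32)                              # random
        + b"\x00"                                     # empty legacy_session_id
        + struct.pack("!H", 4) + b"\x13\x01\x13\x02"  # two cipher suites
        + b"\x01\x00"                                 # null compression only
        + struct.pack("!H", len(extensions)) + extensions
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_sni(record: bytes) -> Optional[str]:
    """What an on-path observer learns from the client's first flight: the SNI
    host name, or None if this is not a ClientHello or carries no server_name."""
    try:
        if record[0] != 0x16:                          # not a handshake record
            return None
        (rec_len,) = struct.unpack("!H", record[3:5])
        hs = record[5:5 + rec_len]
        if hs[0] != 0x01:                              # not client_hello
            return None
        hello = hs[4:4 + int.from_bytes(hs[1:4], "big")]
        pos = 2 + 32                                   # legacy_version + random
        pos += 1 + hello[pos]                          # legacy_session_id
        pos += 2 + struct.unpack("!H", hello[pos:pos + 2])[0]  # cipher_suites
        pos += 1 + hello[pos]                          # compression_methods
        if pos == len(hello):
            return None                                # no extensions at all
        (ext_total,) = struct.unpack("!H", hello[pos:pos + 2])
        pos += 2
        end = pos + ext_total
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", hello[pos:pos + 4])
            edata = hello[pos + 4:pos + 4 + elen]
            pos += 4 + elen
            if etype != 0x0000:                        # not server_name
                continue
            (list_len,) = struct.unpack("!H", edata[:2])
            q, list_end = 2, 2 + list_len
            while q + 3 <= list_end:
                ntype = edata[q]
                (nlen,) = struct.unpack("!H", edata[q + 1:q + 3])
                name = edata[q + 3:q + 3 + nlen]
                q += 3 + nlen
                if ntype == 0 and len(name) == nlen:   # host_name entry
                    return name.decode("ascii")
        return None
    except (IndexError, struct.error, UnicodeDecodeError):
        return None                                    # truncated or malformed


def parse_host(http_request: bytes) -> Optional[str]:
    """Host header as the server sees it once the TLS layer has decrypted it."""
    for line in http_request.split(b"\r\n")[1:]:
        if line.lower().startswith(b"host:"):
            return line.split(b":", 1)[1].strip().decode("ascii")
    return None


def simulate(use_fronting: bool) -> dict:
    """Compare what the passive observer and the fronting server learn.
    Direct: the client puts the hidden name in the SNI. Co-tenancy fronting:
    the SNI names the fronting service and only the encrypted Host header
    (handed to the server here as already-decrypted plaintext) names the
    hidden service, which the fronting server routes to internally."""
    hello = build_client_hello(FRONTING if use_fronting else HIDDEN)
    request = f"GET / HTTP/1.1\r\nHost: {HIDDEN}\r\n\r\n".encode()
    return {
        "observer_sees": extract_sni(hello),       # cleartext, pre-handshake
        "server_routes_to": parse_host(request),   # visible only after decryption
    }


if __name__ == "__main__":
    print("direct:  ", simulate(use_fronting=False))
    print("fronting:", simulate(use_fronting=True))
```

`extract_sni` is the same walk a filtering middlebox performs, which is why the SNI field is the blocking and tracking signal the document is concerned with. Note what fronting does not hide: the observer still sees the fronting service's address and the cleartext SNI of the fronting service, so the hidden service is only as private as the set of co-tenants it blends into, which is the kind of limitation the document's attack list and requirements are about.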
What “Informational” means
Published for the general information of the community. It does not define an IETF standard and carries no standards-track status.
The canonical text of RFC 8744 is hosted at rfc-editor.org. Available in HTML, TXT, PDF and XML.
- RFC 8743 Multiple Access Management Services Multi-Access Management Services
- RFC 8745 Path Computation Element Communication Protocol Extensions for Associating Working and Protection Label Switched Paths with Stateful PCE
- RFC 8742 Concise Binary Object Representation Sequences
- RFC 8746 Concise Binary Object Representation Tags for Typed Arrays
- RFC 8741 Ability for a Stateful Path Computation Element to Request and Obtain Control of a Label Switched Path
- RFC 8747 Proof-of-Possession Key Semantics for CBOR Web Tokens
- RFC 8740 Using TLS 1.3 with HTTP/2
- RFC 8748 Registry Fee Extension for the Extensible Provisioning Protocol