RFC 8744
Issues and Requirements for Server Name Identification (SNI) Encryption in TLS, July 2020
- Status: INFORMATIONAL
- Author: C. Huitema
- Stream: IETF
- Source: tls (sec)
DOI: https://doi.org/10.17487/RFC8744
Discuss this RFC: Send questions or comments to the mailing list tls@ietf.org
Abstract
This document describes the general problem of encrypting the Server Name Identification (SNI) TLS parameter. The proposed solutions hide a hidden service behind a fronting service, only disclosing the SNI of the fronting service to external observers. This document lists known attacks against SNI encryption, discusses the current "HTTP co-tenancy" solution, and presents requirements for future TLS-layer solutions.
In practice, it may well be that no solution can meet every requirement and that practical solutions will have to make some compromises.
For the definition of Status, see RFC 2026.
For the definition of Stream, see RFC 8729.