RFC 8744

Issues and Requirements for Server Name Identification (SNI) Encryption in TLS, July 2020

C. Huitema
tls (sec)


DOI: 10.17487/RFC8744

Discuss this RFC: Send questions or comments to tls@ietf.org



This document describes the general problem of encrypting the Server Name Identification (SNI) TLS parameter. The proposed solutions hide a hidden service behind a fronting service, only disclosing the SNI of the fronting service to external observers. This document lists known attacks against SNI encryption, discusses the current "HTTP co-tenancy" solution, and presents requirements for future TLS-layer solutions.

In practice, it may well be that no solution can meet every requirement and that practical solutions will have to make some compromises.
