Issues and Requirements for Server Name Identification (SNI) Encryption in TLS, July 2020
This document describes the general problem of encrypting the Server Name Identification (SNI) TLS parameter. The proposed solutions hide a hidden service behind a fronting service, only disclosing the SNI of the fronting service to external observers. This document lists known attacks against SNI encryption, discusses the current "HTTP co-tenancy" solution, and presents requirements for future TLS-layer solutions.
In practice, it may well be that no solution can meet every requirement and that practical solutions will have to make some compromises.