This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

!!! Overview
[{$pagename}] ([ESNI]) is an [Internet Draft] titled "Encrypted Server Name Indication for [TLS 1.3]".
[{$pagename}] is a method to provide [Encryption] for [Server Name Indication] ([SNI]).
Although [TLS 1.3] [RFC 8446] encrypts most of the handshake, including the server [certificate], there are several other channels that allow an on-path attacker to determine the [DNS Domain] the [client] is trying to connect to, including:
* [Cleartext] client [DNS] queries.
* Visible server [IP Address]es, assuming the server is not doing domain-based virtual hosting.
* [Cleartext] [Server Name Indication] ([SNI]) [RFC 6066] in [ClientHello] messages.
[Issues and Requirements for SNI Encryption in TLS] [Internet Draft] describes the general problem of encrypting the [Server Name Indication] ([SNI]) [TLS] parameter. The proposed solutions hide a Hidden Service behind a fronting service, only disclosing the SNI of the fronting service to external observers. The draft lists known [attacks] against [SNI] encryption, discusses the current "co-tenancy fronting" solution, and presents requirements for future [TLS] layer solutions.
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [Encrypted Server Name Indication for TLS 1.3|https://datatracker.ietf.org/doc/draft-ietf-tls-esni/|target='_blank'] - based on information obtained 2020-01-11
* [#2] - [Encrypt it or lose it: how encrypted SNI works|https://blog.cloudflare.com/encrypted-sni/|target='_blank'] - based on information obtained 2020-01-11