Encrypted Server Name Indication


Encrypted Server Name Indication (ESNI) is an Internet Draft titled "Encrypted Server Name Indication for TLS 1.3".

Encrypted Server Name Indication is a method to provide Encryption for the Server Name Indication (SNI) extension, which is otherwise sent in cleartext in the TLS ClientHello.

Although TLS 1.3 (RFC 8446) encrypts most of the handshake, including the server certificate, there are several other channels that allow an on-path attacker to determine the DNS Domain the client is trying to connect to, including:

The Internet Draft "Issues and Requirements for SNI Encryption in TLS" describes the general problem of encrypting the Server Name Indication (SNI) TLS parameter. The proposed solutions hide a Hidden Service behind a fronting service, only disclosing the SNI of the fronting service to external observers. The draft lists known attacks against SNI encryption, discusses the current "co-tenancy fronting" solution, and presents requirements for future TLS-layer solutions.
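As an added illustration (not code from the wiki page or from the draft), the following Python shows what a passive on-path observer can read from the plaintext extensions of a TLS ClientHello: the RFC 6066 server_name is recoverable as-is, while with fronting only the fronting service's name is visible and the hidden name sits inside an opaque ESNI-style extension. The 0xffce codepoint is the provisional value used by the ESNI drafts and the "ciphertext" is a constructed placeholder blob, not real ESNI encryption.

```python
import struct

SNI_EXT = 0x0000   # server_name extension (RFC 6066)
ESNI_EXT = 0xFFCE  # provisional encrypted_server_name codepoint from the ESNI drafts (assumption)


def build_client_hello(extensions):
    """Build a minimal TLS 1.3 ClientHello handshake message (constructed test data)."""
    body = b"\x03\x03" + bytes(32)                 # legacy_version + random
    body += b"\x00"                                # empty legacy_session_id
    body += b"\x00\x02\x13\x01"                    # cipher_suites: TLS_AES_128_GCM_SHA256
    body += b"\x01\x00"                            # legacy_compression_methods: null
    ext = b"".join(struct.pack(">HH", t, len(d)) + d for t, d in extensions)
    body += struct.pack(">H", len(ext)) + ext
    return b"\x01" + len(body).to_bytes(3, "big") + body   # handshake type 1 = client_hello


def sni_ext(host):
    """Plaintext server_name extension: ServerNameList with one host_name(0) entry."""
    name = host.encode()
    entry = b"\x00" + struct.pack(">H", len(name)) + name
    return (SNI_EXT, struct.pack(">H", len(entry)) + entry)


def observe(client_hello):
    """What a passive observer learns by walking the ClientHello extension list."""
    if client_hello[0] != 1:
        raise ValueError("not a ClientHello")
    body = client_hello[4:4 + int.from_bytes(client_hello[1:4], "big")]
    pos = 2 + 32                                           # skip legacy_version + random
    pos += 1 + body[pos]                                   # skip legacy_session_id
    pos += 2 + struct.unpack(">H", body[pos:pos + 2])[0]   # skip cipher_suites
    pos += 1 + body[pos]                                   # skip compression methods
    end = pos + 2 + struct.unpack(">H", body[pos:pos + 2])[0]
    pos += 2
    seen = {"sni": None, "esni": False}
    while pos < end:
        etype, elen = struct.unpack(">HH", body[pos:pos + 4])
        data = body[pos + 4:pos + 4 + elen]
        pos += 4 + elen
        if etype == SNI_EXT:                               # list_len(2) name_type(1) len(2) name
            nlen = struct.unpack(">H", data[3:5])[0]
            seen["sni"] = data[5:5 + nlen].decode()
        elif etype == ESNI_EXT:                            # opaque blob: hidden name not recoverable
            seen["esni"] = True
    return seen


# Constructed samples: a classic hello, and a fronted hello carrying a placeholder ESNI blob.
PLAIN_HELLO = build_client_hello([sni_ext("hidden.example")])
FRONTED_HELLO = build_client_hello([sni_ext("fronting.example"), (ESNI_EXT, b"\xaa" * 40)])
```

Running `observe()` on the two samples shows the hidden name leaking from the first and only the fronting name from the second.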
