Don't panic about domain fronting, an SNI fix is getting hacked out
Alternative proposed to sending server names in cleartext
Over the weekend, at the IETF Hackathon in Montreal, Canada, software engineers from Apple, Cloudflare, Fastly and Mozilla made some progress toward closing a privacy gap affecting network communications.
The programmers built an preliminary implementation of a privacy-oriented draft protocol called Encrypted Server Name Indication, or ESNI, which expands on TLS 1.3, the most recent version of Transport Layer Security.
The Server Name Indication (SNI) is a TLS extension that enables client code to transmit a virtual domain name during the TLS negotiation process. It allows a server with a single IP address to support multiple virtual domains, instead of having a separate IP address for each TLS host.
SNI, however, does not conceal the requested hostname, a consequence that has privacy implications. For example, when the hostname can be read from the "server_name" extension in the ClientHello message, it can be used by intermediaries for censorship.
ENSI solves this problem by replacing the "server_name" extension in the ClientHello message with an "encrypted_server_name" during connections to domains served by ENSI-supporting providers. The hosting biz can decrypt the hostname but network providers along the way and national firewalls can't.
Other consequences of SNI visibility include content filtering by DNS providers or enterprise firewalls and traffic discrimination (assigning different quality-of-service profiles to specific types of data).
Servers implementing the draft protocol can be found at esni.examp1e.net and cloudflare-esni.com. Support for ESNI can be found in BoringSSL (maintained by Google), Mozilla's Network Security Services (NSS) and picotls.
Hacking a permanent solution
In a phone interview with The Register, Matthew Prince, co-founder and CEO of Cloudflare, said SNI "really is one of the last chinks in the encryption armor."
Google kills off domain fronting – and so secure comms just got tougherREAD MORE
After Cloudflare launched its 220.127.116.11 privacy-focused DNS resolver in April, Prince said there were concerns among engineers at Cloudflare and Mozilla about the visibility of SNI. After the IETF failed to settle on a path forward, Prince said there was enough interest at Apple, Google and Mozilla to try to come up with a working implementation, in the hope of driving the standards process forwards.
"We've got enough scale and breadth on our side," he said.
"If browser makers will support this, we should be able to come up with a working implementation of encrypted SNI."
Until recently, a handful of privacy-focused communications tools like Signal relied on a technique known as domain fronting to conceal requested hostnames as a defense against censorship.
Prince explained that domain fronting is a hack. "The right long-term solution is to encrypt the SNI request," he said.
Another yet-to-be closed privacy gap, Prince said, is ability to discover the destination of a request from the IP address.
"Unless you use something like Tor, you'll never be able to hide the destination IP address," said Prince.
But at large service providers like Cloudflare, it's possible to reassign IP addresses for the sake of privacy. Prince said the company already does this to some extent, shifting customers from one IP address to another, but the process isn't as random as it could be. He suggested it might become more so. ®