
feature request: encrypted SNI #2327

Closed
Lennie opened this issue Oct 24, 2018 · 9 comments
Labels
feature ⚙️ New feature or request

Comments

@Lennie

Lennie commented Oct 24, 2018

Not sure if this is the right place, I'm probably early to request this anyway.

If I understand correctly, this needs:

  • an extra TLS extension
  • the webserver should understand 2 or more 'SNI names' for the same name, the plain text name plus a number of encrypted names.
  • generate a new key regularly
  • needs a way to tell DNS about what key clients can use

https://tools.ietf.org/html/draft-rescorla-tls-esni-00

Sounds to me like if there are multiple web servers, you might want to have a centralized program pushing updates to the servers and DNS.

@Avamander

Avamander commented Nov 6, 2018

Same topic in nginx mailing list implies boringssl already supports Encrypted SNI (ESNI) which means it shouldn't be super-hard to implement in Caddy?

@francislavoie francislavoie added the feature ⚙️ New feature or request label Nov 6, 2018
@mark-kubacki

mark-kubacki commented Nov 18, 2018

You need another rotation for this (the others are: certificates, session tickets), this time of the (separately published using DNS) ESNI pre-keys. Unless you want to dump a base64-encoded "put this into your TXT record now" in the logs, a mechanism for updating DNS entries must be implemented.

The decryption and so on, that's trivial.

Furthermore, this feature depends on TLSv1.3 (but could be retro-fitted), and is still a draft. Hence, if someone were to pick this up, months away.

And you'd need to negotiate with upstream (the Go authors) about whether it'll be in crypto/tls, or to be implemented by the clients (with some utility functions in Go); and decided by Caddy's steering if an interim solution is wanted (I could implement one) and if so, plot a central secret storage facility and share ideas about the interaction with nameservers.

@Avamander

Unless you want to dump a base64-encoded "put this into your TXT record now" in the logs, a mechanism for updating DNS entries must be implemented.

Even with that it'd be kind-of okay.

@francislavoie
Member

francislavoie commented Nov 18, 2018

Unless you want to dump a base64-encoded "put this into your TXT record now" in the logs, a mechanism for updating DNS entries must be implemented.

Actually, Caddy has DNS providers to plug into the tls directive for doing the DNS challenge (see https://caddyserver.com/docs/automatic-https#dns-challenge) so it isn't a stretch to make it possible to automate, if I'm understanding what you're saying.

In other news, see this comment: golang/go#9671 (comment)

It's very likely Caddy will wait until Go adds support for encrypted SNI before it's implemented otherwise.

@elcore
Collaborator

elcore commented Nov 18, 2018

[A] mechanism for updating DNS entries must be implemented.

We could implement something similar to tls.dns.{provider}

@Avamander

I investigated my DNS provider's API; it isn't fine-grained enough for me to want to grant my server access to it. An export-record-to-log option is still a really good idea.

@mholt mholt added this to the 2.0 milestone May 9, 2019
@tankerkiller125

I know this is quite old but in regards to an "export to log option" couldn't we just create a new file located where the caddy file is called "site.tld-esni.txt" or something that people could use. Exactly the same way 99% of Email DMARC and DKIM providers do?
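The plumbing the thread keeps coming back to (the first comment's list: a key share clients can use, regular rotation, telling DNS about the key; mark-kubacki's point that superseded keys need a rotation of their own; and the export-to-file idea just above), as an added example in Go. This is not Caddy's code and not from anyone in this thread. The 48-byte record it publishes (X25519 public key, notBefore, notAfter) is a constructed stand-in for the draft's ESNIKeys structure, not the draft's wire format; the `_esni.<domain>` TXT name follows draft-00, and the domain, TTL, lifetimes and type names are assumptions made for the example. The ECDH decryption of the ClientHello itself is not shown.

```go
package main

import (
	"crypto/ecdh"
	"crypto/rand"
	"encoding/base64"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// Record is the public half of one ESNI key plus its validity window (Unix seconds).
// Its 48-byte encoding, key(32) | notBefore(8) | notAfter(8), is a constructed
// stand-in for the draft's ESNIKeys structure, not the draft's wire format.
type Record struct {
	PublicKey           []byte
	NotBefore, NotAfter uint64
}

// Marshal produces the bytes that go, base64-encoded, into the TXT record.
func (r Record) Marshal() ([]byte, error) {
	if len(r.PublicKey) != 32 {
		return nil, errors.New("public key must be 32 bytes")
	}
	buf := append(make([]byte, 0, 48), r.PublicKey...)
	buf = binary.BigEndian.AppendUint64(buf, r.NotBefore)
	return binary.BigEndian.AppendUint64(buf, r.NotAfter), nil
}

// Unmarshal is the client side: malformed data and an empty validity window are rejected.
func Unmarshal(b []byte) (Record, error) {
	if len(b) != 48 {
		return Record{}, fmt.Errorf("record length %d, want 48", len(b))
	}
	r := Record{append([]byte(nil), b[:32]...), binary.BigEndian.Uint64(b[32:]), binary.BigEndian.Uint64(b[40:])}
	if r.NotAfter <= r.NotBefore {
		return Record{}, errors.New("empty validity window")
	}
	return r, nil
}

// KeySet pairs a private key with the record that advertises its public half.
type KeySet struct {
	Private *ecdh.PrivateKey
	Record  Record
}

// Rotator owns one domain's keys: a fresh key every Lifetime, the old one kept for Overlap.
type Rotator struct {
	Domain            string
	Lifetime, Overlap time.Duration
	keys              []KeySet // oldest first
}

// Rotate mints a key valid until now+Lifetime+Overlap and forgets keys whose window has closed.
func (rt *Rotator) Rotate(now time.Time) (KeySet, error) {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return KeySet{}, err
	}
	t := uint64(now.Unix())
	ks := KeySet{priv, Record{priv.PublicKey().Bytes(), t, uint64(now.Add(rt.Lifetime + rt.Overlap).Unix())}}
	kept := rt.keys[:0]
	for _, old := range rt.keys {
		if t < old.Record.NotAfter {
			kept = append(kept, old)
		}
	}
	rt.keys = append(kept, ks)
	return ks, nil
}

// Accepted lists the private keys to try when decrypting an SNI at time now, newest first.
func (rt *Rotator) Accepted(now time.Time) []*ecdh.PrivateKey {
	var out []*ecdh.PrivateKey
	for i := len(rt.keys) - 1; i >= 0; i-- {
		if r, t := rt.keys[i].Record, uint64(now.Unix()); t >= r.NotBefore && t < r.NotAfter {
			out = append(out, rt.keys[i].Private)
		}
	}
	return out
}

// TXTRecord renders the newest record as the zone line for _esni.<domain> (draft-00's name).
func (rt *Rotator) TXTRecord() (string, error) {
	if len(rt.keys) == 0 {
		return "", errors.New("no key generated yet")
	}
	raw, err := rt.keys[len(rt.keys)-1].Record.Marshal()
	if err != nil {
		return "", err
	}
	return fmt.Sprintf("_esni.%s. 3600 IN TXT %q", rt.Domain, base64.StdEncoding.EncodeToString(raw)), nil
}

func main() {
	rt := &Rotator{Domain: "example.com", Lifetime: 24 * time.Hour, Overlap: time.Hour}
	if _, err := rt.Rotate(time.Now()); err != nil {
		panic(err)
	}
	fmt.Println(rt.TXTRecord())
}
```

The part worth taking from this is the overlap: a resolver may serve the previous TXT record for up to its TTL after the new one is published, so the server has to keep accepting the previous private key for that long (`Accepted` returns both during the window) and should drop it, not just stop advertising it, once the window closes (`Rotate` prunes). The string from `TXTRecord` is the hand-off point: a DNS provider plugin of the `tls.dns.{provider}` kind pushes it, and the file-export variant is a single `os.WriteFile` of that line next to the Caddyfile.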

@mholt
Member

mholt commented Dec 11, 2020

It's more and more likely that ESNI will be superseded by ECH: https://blog.cloudflare.com/encrypted-client-hello/

It's been a couple of years and ESNI hasn't seen wide adoption among clients yet. With its likely deprecation looming, I'll close this issue now and wait and see if ECH will become mainstream.

If I'm wrong and ESNI ends up mainstream instead, we can reopen this.

@mholt mholt closed this as completed Dec 11, 2020
@mholt mholt removed this from the 2.x milestone Dec 11, 2020
@Avamander

Isn't it just a rename? @mholt

7 participants