idnits 2.17.1 draft-belyavskiy-fakesni-01.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) ** The document seems to lack separate sections for Informative/Normative References. All references will be assumed normative when checking for downward references. ** The document seems to lack a both a reference to RFC 2119 and the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. RFC 2119 keyword, line 93: '...tted. If present, it MUST match an IP...' RFC 2119 keyword, line 96: '... the Fake SNI RR MUST NOT match any ho...' RFC 2119 keyword, line 98: '... different hosts MUST be different....' RFC 2119 keyword, line 103: '... server MUST return the certificate ...' RFC 2119 keyword, line 104: '...Otherwise server SHOULD abort the conn...' (6 more instances...) Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (February 20, 2019) is 1892 days in the past. Is this intentional? Checking references for intended status: Experimental ---------------------------------------------------------------------------- -- Missing reference section? '1' on line 134 looks like a reference Summary: 3 errors (**), 0 flaws (~~), 1 warning (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group 3 Internet-Draft TCI 4 Intended status: Experimental February 20, 2019 5 Expires: August 24, 2019 7 Fake Server Name Indication 8 draft-belyavskiy-fakesni-01 10 Abstract 12 The document provides a specification of the Fake Server Name 13 Indication. Being implemented, the Fake SNI specification provides a 14 way to work around the monitoring solutions without providing any 15 additional information to external observers. 17 Status of This Memo 19 This Internet-Draft is submitted in full conformance with the 20 provisions of BCP 78 and BCP 79. 22 Internet-Drafts are working documents of the Internet Engineering 23 Task Force (IETF). Note that other groups may also distribute 24 working documents as Internet-Drafts. The list of current Internet- 25 Drafts is at https://datatracker.ietf.org/drafts/current/. 27 Internet-Drafts are draft documents valid for a maximum of six months 28 and may be updated, replaced, or obsoleted by other documents at any 29 time. It is inappropriate to use Internet-Drafts as reference 30 material or to cite them other than as "work in progress." 32 This Internet-Draft will expire on August 24, 2019. 34 Copyright Notice 36 Copyright (c) 2019 IETF Trust and the persons identified as the 37 document authors. All rights reserved. 39 This document is subject to BCP 78 and the IETF Trust's Legal 40 Provisions Relating to IETF Documents 41 (https://trustee.ietf.org/license-info) in effect on the date of 42 publication of this document. Please review these documents 43 carefully, as they describe your rights and restrictions with respect 44 to this document. Code Components extracted from this document must 45 include Simplified BSD License text as described in Section 4.e of 46 the Trust Legal Provisions and are provided without warranty as 47 described in the Simplified BSD License. 49 1. Introduction 51 Many DPI solutions use SNI information as a criterion to filter 52 connection to various sites. Though Encrypted SNI makes impossible 53 to read the SNI value, there is information [1] that absence of SNI 54 looks suspicious itself and all communications are blocked. 56 This specification introduces a way to provide a value of SNI treated 57 by TLS server as an alias to one of the names known by server but not 58 matching the possibly suspicious hostname. 60 This specification does not save from DPI solutions but it provides 61 one more loophole to cheat them. 63 2. Fake SNI design goals 65 The solution specified in this document is inspired by the design of 66 Encrypted SNI. 68 The provider publishes a name matching the target name to be provided 69 in the clear text. This document defines a publication mechanism 70 using DNS, but other mechanisms are also possible. 72 When a client wants to establish a TLS connection to a domain served 73 by a Fake SNI-supporting provider, it replaces the value in 74 "server_name" extension in the ClientHello with the value obtained by 75 transport. The provider can then find out the desired name from its 76 configuration and either establish the connection with the desired 77 host or reject it. 79 3. Definitions 81 Original name - the hostname of service that is subject to hide. 83 Fake name - the hostname specified by server and sent by client to 84 indicate intention to connect to host with original name. 86 4. Fake SNI indication 88 Fake SNI information is published in DNS via TXT RR. For example, 89 the Fake SNI record for domain example.com may look like 91 _fakesni.example.com. 60S IN TXT "myfakerecord.com IP" 93 where IP address may be omitted. If present, it MUST match an IP 94 address specified in A/AAAA record for the domain. 96 Value specified in the Fake SNI RR MUST NOT match any hostname 97 available for the IP address it is valid for. Fake names for 98 different hosts MUST be different. 100 5. Server behaviour 102 On receiveing the value of known Fake SNI in the TLS ClientHello 103 server MUST return the certificate matching the original hostname. 104 Otherwise server SHOULD abort the connection. 106 6. Client behaviour 108 Client MAY use the Fake SNI record as fallback if connecting using 109 ESNI is blocked. In this case client initiates normal TLS connection 110 specifying the value from Fake SNI record in the server_name 111 extension. If the certificate received from server does not match 112 the original hostname, the client MUST abort the connection. 113 Otherwise the client MUST follow the normal process of TLS handshake. 115 7. Security considerations 117 As Fake SNI can be used in TLS 1.2, it does not provide any problems 118 to DPI because in this case the original hostname is available in 119 clear text in server certificate. TLS 1.3 encrypts the Certificate 120 message, so it is RECOMMENDED to use Fake SNI together with TLS 1.3. 121 To strengthen the protection, it's recommended to obtain _fakesni RR 122 via DoT or DoH. 124 As DPI solutions are able to obtain the DNS _fakesni records as 125 legitimate clients do, it is RECOMMENDED to set reasonable TTL values 126 for the _fakesni records. Also it is RECOMMENDED to use such values 127 of fake names that are syntactically correct domain names. Otherwise 128 DPI can recognise the fake names as fake ones. 130 8. References 132 8.1. URIs 134 [1] https://mailarchive.ietf.org/arch/msg/tls/ 135 WiT3oEh6PO96mm0z28BNMp0YgGs 137 Author's Address 138 Dmitry Belyavskiy 139 Cryptocom LTD 140 Kedrova st, 14/2 141 Moscow 127083 142 RU 144 Email: beldmit@gmail.com