Caddy: feature request: encrypted SNI

Created on 24 Oct 2018 · 9 Comments · Source: caddyserver/caddy

Not sure if this is the right place, I'm probably early to request this anyway.

If I understand correctly, this needs:

  • an extra TLS extension
  • the webserver should understand 2 or more 'SNI names' for the same name, the plain text name plus a number of encrypted names.
  • generate a new key regularly
  • needs a way to tell DNS about what key clients can use

https://tools.ietf.org/html/draft-rescorla-tls-esni-00

Sounds to me like if there are multiple web servers, you might want to have a centralized program pushing updates to the servers and DNS.

feature request

All 9 comments

Same topic in nginx mailing list implies boringssl already supports Encrypted SNI (ESNI) which means it shouldn't be super-hard to implement in Caddy?

You need another rotation for this (the others are: certificates, session tickets), this time of the (separately published using DNS) ESNI pre-keys. Unless you want to dump a base64-encoded "put this into your TXT record now" in the logs, a mechanism for updating DNS entries must be implemented.

The decryption and so on, that's trivial.

Furthermore, this feature depends on TLSv1.3 (but could be retro-fitted), and is still a draft. Hence, if someone were to pick this up, it would be months away.

And you'd need to negotiate with upstream (the Go authors) about whether it'll be in crypto/tls, or to be implemented by the clients (with some utility functions in Go); and decided by Caddy's steering if an interim solution is wanted (I could implement one) and if so, plot a central secret storage facility and share ideas about the interaction with nameservers.

Unless you want to dump a base64-encoded "put this into your TXT record now" in the logs, a mechanism for updating DNS entries must be implemented.

Even with that it'd be kind-of okay.

Unless you want to dump a base64-encoded "put this into your TXT record now" in the logs, a mechanism for updating DNS entries must be implemented.

Actually, Caddy has DNS providers to plug into the tls directive for doing the DNS challenge (see https://caddyserver.com/docs/automatic-https#dns-challenge) so it isn't a stretch to make it possible to automate, if I'm understanding what you're saying.

In other news, see this comment: https://github.com/golang/go/issues/9671#issuecomment-438972261

It's very likely Caddy will wait until Go adds support for encrypted SNI before it's implemented otherwise.

[A] mechanism for updating DNS entries must be implemented.

We could implement something similar to tls.dns.{provider}

I investigated my DNS provider's API; it isn't fine-grained enough for me to want to grant my server access to it - an export-record-to-log option is still a really good idea.

I know this is quite old but in regards to an "export to log option" couldn't we just create a new file located where the caddy file is called "site.tld-esni.txt" or something that people could use. Exactly the same way 99% of Email DMARC and DKIM providers do?

It's more and more likely that ESNI will be superseded by ECH: https://blog.cloudflare.com/encrypted-client-hello/

It's been a couple of years and ESNI hasn't seen wide adoption among clients yet. With its likely deprecation looming, I'll close this issue now and wait and see if ECH will become mainstream.

If I'm wrong and ESNI ends up mainstream instead, we can reopen this.

Isn't it just a rename? @mholt
