Cloudflare has turned on new web privacy technology Encrypted SNI (ESNI) across its network to make the web more private.
The Server Name Indication (SNI) is a Transport Layer Security (TLS) extension that lets servers with a single IP address to support multiple virtual domains, as is common with content-delivery networks (CDN) and other types of hosting platforms. With SNI, the client (say, the browser) could transmit a virtual domain name during the TLS handshake and get the correct security certificate for the domain. Prior to SNI, the web server could serve up just a single SSL certificate per IP address.
As useful as SNI was, it had a gaping privacy issue: SNI was not encrypted and thus leaked the identity of the sites the user was visiting. Although the connection to the website was encrypted via HTTPS and eavesdroppers could not intercept the contents sent between the user and the website, the site’s hostname was in plaintext within the ClientHello message.
Anyone monitoring the connection would know what sites the user was visiting.
“Today, as HTTPS covers nearly 80% of all web traffic, the fact that SNI leaks every site you go to online to your ISP and anyone else listening on the line has become a glaring privacy hole,” said Cloudflare’s Matthew Prince. "Knowing what sites you visit can build a very accurate picture of who you are, creating both privacy and security risks.”
The ENSI technical standard closed this privacy hole by replacing the server name value in the ClientHello message with an encrypted value. The encryption key is derived from a public key uploaded to the server’s DNS record and the client’s private key. The resulting key is cryptographically tied to the TLS session it was generated for and cannot be reused. The client and server can derive the encryption key, but third-parties such as ISPs, network providers, and firewall systems cannot.
Hosting providers and CDNs will know which sites the users are going to because they are serving up the correct content to the users, but ESNI won’t provide them with visibility in the rest of the encrypted connection. Cloudflare’s implementation rotates the server keys every hour to avoid the possibility of exposing all ESNI keys in case the server’s private key ever gets compromised.
“Working at the Internet Engineering Task Force (IETF), Cloudflare and representatives of other Internet companies, including Fastly and Apple, broke a years-long deadlock in the deployment of privacy enhancements in this area,” wrote Seth Schoen, a senior staff technologist at the Electronic Frontier Foundation.
With the push to encrypt the Web, the question was how to make sure all aspects of the web connection could be protected from prying eyes. Getting websites to turn on HTTPS was a good step, as it meant web traffic and the contents of websites were encrypted. However, ISPs could still generate detailed profiles of users’ online activity. That kind of information could be used as part of its content filtering efforts, or to throttle service to certain types of sites. Having access to this kind of information lets ISPs play quality-of-service games.
Governments can use the information as part of its surveillance or censorship activities. “What's more, the U.S. government continues to argue that the SNI information your browser sends over the Internet, as 'metadata,' enjoys minimal legal protections against government spying,” Schoen said.
While ESNI is a promising technology for making the vision of an encrypted web truly private all across the connection, it is still experimental. Only users of test versions of Firefox (Firefox Nightly) will be able to use ESNI, and only when accessing services hosted by Cloudflare. ESNI also requires TLS 1.3 and won’t work with older versions.
The technical specification is still under development and not yet stable, but all work is published openly so that it will be possible for browser makers and hosting providers to see progress. Developers including the extension into web server software will also help spur adoption. Schoen suggested the EFF would be able to add options for enabling ESNI in Certbot, its tool to automatically enable HTTPS on websites using Let’s Encrypt certificates.
“Encrypted SNI, along with TLS 1.3, DNSSEC and DoT/DoH, plugs one of the few remaining holes that enable surveillance and censorship on the Internet. More work is still required to get to a surveillance-free Internet, but we are (slowly) getting there,” wrote Cloudflare’s Alessandro Ghedini.