[rqs]

I'm don't completely get it. How does CDN is required for this?

Let's say that I have a Nginx on my server which serves a lot's of websites, and whose web sites can only be accessed through HTTPS with SNI, not HTTP.

Now with Encrypted SNI deployed, requests from my clients can still be dispatched to it's respective virtual hosts, but any sniffers in the middle of the connection should only be able to see that my clients are accessing to my server, but not which virtual host.

Is I'm missed anything? I haven't dig deep in to this currently.

[geocar]

That's about it.

The theory is that if you put your server behind a popular CDN, then a state-level attacker is left with little choice but to block the entire server.

Another benefit is that attacks that can observe but not modify traffic will be less able to track what sites you're visiting.

There are risks though:

* It's unclear how resistant CDNs actually are to state-level attackers.

* It's unclear how resistant CDNs are to regular attackers[1]

* Corporations/Security-savvy users will find it difficult to control what [their] workstations can reach and cannot: Allowing access to a single cloud-based service may inadvertently allow access to a malicious command/control server sharing the CDN.

[1]: https://9to5mac.com/2017/02/24/cloudflare-server-breach-clou...

[reaperhulk]

That’s an accurate summary, but CDNs are important because they terminate huge numbers of sites. In your example censorship is relatively easy since network operators who want to block a site won’t have very much collateral damage by blocking your entire server just to deny access to that single site. CDNs, terminating millions of sites, make that far more challenging.

[dogma1138]

It misses the fact that even with encrypted SNI it would be very easy to fingerprint a website see my comment above.

[dogma1138]

Shared hosting can provide some “privacy” or to be more exact plausible deniability however it’s not going to be particularly good (when accounting for the actors that this would play at this level) especially when you consider that you can fingerprint the websites quite easily as the encrypted data would still of known size.

So if your website serves a page which is 412KB in size that would be quite easy to fingerprint especially across a pool of websites, beyond that it’s also quite possible to fingerprint things even further by measuring the number, size and order of secondary requests a page load incurs.

So overall there is little privacy that would be provided by this (again when taking into account the threat model and actors) unless you hide behind 1000s and 1000s of websites on the same network and even then it’s mostly not about privacy but about resilience against MITM and state censorship.