Is your feature related to a problem?

There are different use-cases of the newly introduced Sessions.

Trusted Entry

The current implementation assumes a use-case (such as with WG), in which the Entry node (Session initiator) is trusted and therefore it is not problematic to reveal it the target of such Session.

Untrusted Entry

In a more general WG use-case, where an untrusted Entry node is assumed, revealing the the target field does not cause a privacy-harm if it only points to a general purpose WG server. The WG protocol takes care of approriate authentication thereafter.

However, in different use-cases (such as uHTTP or RPCh), the Entry node is not always trusted and target may point to a sensitive endpoint. Therefore, the target field should be hidden from the Session initiator and only visible to the Exit node (Session receiver).

Authenticity problem with Untrusted Entry

However, this does not solve the authenticity problem of the target, as a rogue entry node can replace the target for anything to its liking. It's the responsibility of the application layer on top of that session to establish authenticity later on.

Describe the feature you'd like

Add optional encryption of the SessionTarget, so that only the Exit node (Session receiver) gets to see the
true destination endpoint of the data.

Describe alternatives you've considered

• optionally use of libsodium-like crypto_box interface on target