On Fri, Oct 4, 2024 at 3:20 PM Stephen Farrell <stephen.farr...@cs.tcd.ie> wrote:
> On 10/4/24 19:30, Paul Wouters wrote:
> > Which makes me wonder if it makes sense to advise long TTLs on these
> > records so that they move along on your phone/laptop even if you enter
> > these kind of networks.
>
> There's a tension between that and getting better forward-secrecy
> by rotating ECH keys regularly. I don't think we're yet at a point
> where we'd have something that useful to recommend in terms of
> resolving that tension. (And that's ignoring the tension between
> wanting, and disliking, ECH;-)

This is explicitly prohibited by rfc9460 as it would provide linkability. See rfc9460 section 12:

"Clients MUST ensure that their DNS cache is partitioned for each local network, or flushed on network changes, to prevent a local adversary in one network from implanting a forged DNS record that allows them to track users or hinder their connections after they leave that network."

As an example, an attacker could return ech values with tracking information and use that to correlate clients across network changes. This seems like a much worse outcome since it could be done server-side and could impact all users, not just users trying to get privacy from their local network operator.

Erik
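The cache behaviour the RFC 9460 section 12 text requires, as an added illustration that is not part of the thread: a stub client DNS cache that is either partitioned by the network an answer was learned on or shared across networks, and what ech value an origin would see from the client after a network change. The record contents, TTLs, network names and the `resolve` callback are all constructed for the example.

```python
from dataclasses import dataclass


@dataclass
class HttpsRecord:
    """Minimal HTTPS RR: only the fields this example needs (name, TTL, SvcParams)."""
    name: str
    ttl: int
    params: dict  # e.g. {"ech": "<base64 ECHConfigList>"}


class ClientDnsCache:
    """Stub stub-resolver cache. With partitioned=True, entries are keyed by the
    network they were learned on (RFC 9460 section 12); otherwise one shared cache."""

    def __init__(self, partitioned: bool):
        self.partitioned = partitioned
        self._entries = {}  # key -> (expires_at, record)

    def _key(self, network, name):
        return (network if self.partitioned else None, name)

    def store(self, network, rec, now):
        self._entries[self._key(network, rec.name)] = (now + rec.ttl, rec)

    def lookup(self, network, name, now):
        hit = self._entries.get(self._key(network, name))
        if hit is None or hit[0] <= now:  # miss or expired
            return None
        return hit[1]


def ech_value_seen_by_server(cache, network, name, now, resolve):
    """The ech SvcParam the client would use for a connection on `network`:
    the cached record if still valid, else a fresh answer from that network."""
    rec = cache.lookup(network, name, now)
    if rec is None:
        rec = resolve(network)
        cache.store(network, rec, now)
    return rec.params.get("ech")


def simulate(partitioned):
    """Constructed scenario: the resolver on 'hostile-wifi' hands out a long-TTL
    HTTPS record whose ech value is unique to this client; 'home' returns the
    genuine config. Returns the ech values the origin observes, in order."""
    def resolve(network):
        if network == "hostile-wifi":
            return HttpsRecord("example.com", 86400, {"ech": "TRACK-client-1234"})
        return HttpsRecord("example.com", 300, {"ech": "GENUINE-ech-config"})

    cache = ClientDnsCache(partitioned)
    first = ech_value_seen_by_server(cache, "hostile-wifi", "example.com", 0, resolve)
    later = ech_value_seen_by_server(cache, "home", "example.com", 600, resolve)
    return [first, later]
```

With a shared cache the injected value is still served ten minutes later on the home network, so the origin can link both connections; with per-network partitioning the value never leaves the network it was learned on.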
_______________________________________________
DNSOP mailing list -- dnsop@ietf.org
To unsubscribe send an email to dnsop-le...@ietf.org