Re: [TLS] ESNI: Tracking and blocking via record_digest

2019-11-25 Thread Rob Sayre
Yes, and this concern is covered well by the draft in GitHub, imho.

thanks,
Rob

On Mon, Nov 25, 2019 at 7:33 PM Christian Huitema wrote:
> Actually there is one use case in which the anonymity set is size 1 --
> mobile servers. The name of the mobile server cannot be deduced from its
> temporar

Re: [TLS] ESNI: Tracking and blocking via record_digest

2019-11-25 Thread Christian Huitema
Actually there is one use case in which the anonymity set is size 1 -- mobile servers. The name of the mobile server cannot be deduced from its temporary address. It can also not be deduced from the ESNI. But it can be deduced from the record digest. The mobile server who wants to maintain privacy

Re: [TLS] ESNI: Tracking and blocking via record_digest

2019-11-25 Thread Rob Sayre
You're right, this is all there in the draft. It's just scattered around a bit, and "anonymity set" is used only once and not defined. I filed an issue https://github.com/tlswg/draft-ietf-tls-esni/issues/204 in case the editors want to consolidate text on this concern.

thanks,
Rob

On Mon, Nov 2

[TLS] ESNI: Tracking and blocking via record_digest

2019-11-25 Thread Rob Sayre
Hi,

I see the issue of tracking and blocking via record_digest has come up a few times in the GitHub repository, but I don't understand the resolution. If someone wanted to observe or block traffic to "example.com", couldn't they retrieve the ESNI keys, calculate the record_digest themselves, and