On Sun, Oct 6, 2024 at 12:17 PM Eric Rescorla wrote:
> This is explicitly prohibited rfc9460 as it would provide linkability.
>>> See rfc9460 section 12: "Clients MUST ensure that their DNS cache is
>>> partitioned for each local network, or flushed on network changes, to
>>> prevent a local adve
On Mon, Oct 7, 2024 at 6:01 AM Paul Wouters wrote:
>
> On Sun, Oct 6, 2024 at 12:17 PM Eric Rescorla wrote:
>
>> This is explicitly prohibited rfc9460 as it would provide linkability.
See rfc9460 section 12: "Clients MUST ensure that their DNS cache is
partitioned for each local networ
On Mon, Oct 7, 2024 at 9:26 AM Eric Rescorla wrote:
>
>
> On Mon, Oct 7, 2024 at 6:01 AM Paul Wouters wrote:
>
>>
>> On Sun, Oct 6, 2024 at 12:17 PM Eric Rescorla wrote:
>>
>>> This is explicitly prohibited rfc9460 as it would provide linkability.
> See rfc9460 section 12: "Clients MUST ens
Paul,
I don't understand your threat model here.
1. As already noted upthread, ECH inherently leaks the name you are
resolving to the resolver. This leak doesn't depend on the resolver
tampering with the response, so DNSSEC verification on the client
doesn't help here [0].
2. If the client accep
Internet-Draft draft-ietf-tls-hybrid-design-11.txt is now available. It is a
work item of the Transport Layer Security (TLS) WG of the IETF.
Title: Hybrid key exchange in TLS 1.3
Authors: Douglas Stebila
Scott Fluhrer
Shay Gueron
Name:draft-ietf-tls-hybrid-de
