On Mon, Nov 26, 2018 at 1:36 PM Nick Lamb <n...@tlrmx.org> wrote:

> In section 7.1 the -02 draft says:
>
> Clearly, DNSSEC (if the client validates and hard fails) is a defense
> against this form of attack, but DoH/DPRIVE are also defenses against
> DNS attacks by attackers on the local network, which is a common case
> where SNI.
>
> Where SNI what?
>

https://github.com/tlswg/draft-ietf-tls-esni/commit/1ed8d7d02c3b0884ac20c93f891d2745ab0f9d49

-Ekr

>
> I'd be tempted to just say that yes, an active adversary can force you
> to choose between privacy and connectivity, and hard fail DNSSEC is the
> only existing way to choose privacy.
>
> The current text feels more like an attempt by people who don't want to
> face the Dancing Pig problem to justify why their latest seat-belt that
> snaps in a crash (to borrow Adam Langley's phrase) is a good idea
> anyway. But regardless of whether I'm correct about that, the sentence
> is confusing as it stands now.
>
> Nick.
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>