Actually there is one use case in which the anonymity set is size 1 --
mobile servers. The name of the mobile server cannot be deduced from its
temporary address. It can also not be deduced from the ESNI. But it can
be deduced from the record digest. The mobile server who wants to
maintain privacy will want to use ESNI without a record digest, at the
cost of course of trial decryption.

-- Christian Huitema
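The point made in this thread, that an onlooker can recompute the record_digest from the public ESNIKeys record and that the digest therefore reveals exactly the anonymity set the record is shared across, can be checked with a small script. The following is an added example, not code from the thread or from the draft's authors. It assumes the record_digest is SHA-256 over the raw ESNIKeys bytes (the draft ties the hash to the cipher suite, so SHA-256 is an assumption here), and the ESNIKeys byte strings and domain names are constructed placeholders rather than real DNS records. It groups domains by the digest their published record yields, flags any domain whose digest is unique (an anonymity set of size 1, the mobile-server case), and shows the client's alternative of sending an empty record_digest, which gives the observer nothing but forces the server to try every key it holds.

```python
"""Record_digest linkability check for a set of published ESNIKeys records.

Added example, not from the original thread. Assumes record_digest is
SHA-256 over the ESNIKeys bytes; all records and domains below are
constructed placeholders.
"""
import hashlib
from collections import defaultdict

# Constructed sample records. A CDN publishes one shared ESNIKeys record
# for every domain it fronts; a self-hosted mobile server publishes its own.
CDN_KEYS = b"\xff\x01" + b"\x00" * 32 + b"constructed-cdn-esnikeys"
MOBILE_KEYS = b"\xff\x01" + b"\x01" * 32 + b"constructed-mobile-esnikeys"

PUBLISHED_ESNIKEYS = {
    "a.example": CDN_KEYS,
    "b.example": CDN_KEYS,
    "c.example": CDN_KEYS,
    "mobile.example": MOBILE_KEYS,
}


def record_digest(esnikeys: bytes) -> bytes:
    """Digest the client sends; anyone holding the public record can recompute it."""
    return hashlib.sha256(esnikeys).digest()


def anonymity_sets(published: dict) -> dict:
    """Map each record_digest to the set of domains whose public record yields it."""
    groups = defaultdict(set)
    for domain, keys in published.items():
        groups[record_digest(keys)].add(domain)
    return dict(groups)


def anonymity_set_for(domain: str, published: dict) -> set:
    """Domains an observer cannot distinguish from `domain` by record_digest alone."""
    return anonymity_sets(published)[record_digest(published[domain])]


def domains_with_unique_digest(published: dict) -> list:
    """Domains whose record_digest identifies them on its own (set size 1)."""
    return sorted(d for ds in anonymity_sets(published).values()
                  if len(ds) == 1 for d in ds)


def client_hello_record_digest(domain: str, published: dict,
                               omit_digest: bool = False) -> bytes:
    """Value for the record_digest field: empty when the client opts out."""
    return b"" if omit_digest else record_digest(published[domain])


def observer_candidates(sent_digest: bytes, published: dict) -> set:
    """Domains a passive observer can narrow the connection down to."""
    if not sent_digest:
        return set()  # no digest on the wire, nothing to match against
    return anonymity_sets(published).get(sent_digest, set())


def server_keys_to_try(sent_digest: bytes, server_keys: list) -> list:
    """Keys the server must attempt: one if the digest matches, all if it is empty
    (this is the trial-decryption cost of omitting the digest)."""
    if not sent_digest:
        return list(server_keys)
    return [k for k in server_keys if record_digest(k) == sent_digest]


if __name__ == "__main__":
    pub = PUBLISHED_ESNIKEYS
    for domain in sorted(pub):
        print(f"{domain:16} anonymity set size {len(anonymity_set_for(domain, pub))}")
    print("identified by digest alone:", domains_with_unique_digest(pub))
    hidden = client_hello_record_digest("mobile.example", pub, omit_digest=True)
    print("candidates with empty digest:", observer_candidates(hidden, pub))
    print("keys to try with empty digest:",
          len(server_keys_to_try(hidden, [CDN_KEYS, MOBILE_KEYS])))
```

Run against a real deployment, the grouping step only needs the published ESNIKeys for the domains of interest; any group of size 1 is a domain for which the digest, not the ESNI itself, is what leaks the name.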

On 11/26/2019 4:37 AM, Rob Sayre wrote:
> You're right, this is all there in the draft. It's just scattered
> around a bit, and "anonymity set" is used only once and not defined.
>
> I filed an issue
> https://github.com/tlswg/draft-ietf-tls-esni/issues/204 in case the
> editors want to consolidate text on this concern.
>
> thanks,
> Rob
>
>
> On Mon, Nov 25, 2019 at 11:25 AM Ben Schwartz <bem...@google.com> wrote:
>
>     The record_digest, like the ESNIConfig itself, is intended to be
>     constant across all domains that form an anonymity set (i.e. O(1)
>     ESNIConfigs per CDN).  Thus, the record_digest reveals no
>     additional information to an onlooker who can observe the server IP.
>
>     On Mon, Nov 25, 2019 at 2:03 PM Rob Sayre <say...@gmail.com> wrote:
>
>         Hi,
>
>         I see the issue of tracking and blocking via record_digest has
>         come up a few times in the github repository, but I don't
>         understand the resolution.
>
>         If someone wanted to observe or block traffic to "example.com",
>         couldn't they retrieve the ESNI keys, calculate the record_digest
>         themselves, and then use that to spot traffic to "example.com"?
>
>         Is the idea that DNS providers will vary the shared keys?
>
>         thanks,
>         Rob
>
>         _______________________________________________
>         TLS mailing list
>         TLS@ietf.org
>         https://www.ietf.org/mailman/listinfo/tls