On 8/10/2020 11:14 PM, Rob Sayre wrote: > On Mon, Aug 10, 2020 at 10:58 PM Peter Gutmann > <pgut...@cs.auckland.ac.nz <mailto:pgut...@cs.auckland.ac.nz>> wrote: > > Rob Sayre <say...@gmail.com <mailto:say...@gmail.com>> writes: > > >Do you think this fingerprinting will work with the newer ECH > design, if the > >client can add arbitrary content to the encrypted payload? > > ECH doesn't have any effect on web site fingerprinting so unless I've > misunderstood your question the answer would be "N/A". > > > Assuming the definition here: > https://tools.ietf.org/html/draft-wood-pearg-website-fingerprinting-00 > > it does seem like ECH would make this more difficult, at least for > pages in a large anonymity set. (agree that it won't matter much for > Twitter, Google, et al)
Defeating fingerprinting is really hard. It has been tried in the past, as in "make me look like Skype" or "make me look like wikipedia". The idea is to build a target model, then inject enough noise and padding in your traffic to match the target model. But that way easier to say than to do! -- Christian Huitema
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
