[kind of off-topic here, and also speaking as just an individual] On Fri, Oct 4, 2024 at 3:28 PM Erik Nygren <erik+i...@nygren.org> wrote:
> On Fri, Oct 4, 2024 at 3:20 PM Stephen Farrell <stephen.farr...@cs.tcd.ie> wrote:
>
>> On 10/4/24 19:30, Paul Wouters wrote:
>> > Which makes me wonder if it makes sense to advise long TTLs on these
>> > records so that they move along on your phone/laptop even if you enter
>> > these kinds of networks.
>>
>> There's a tension between that and getting better forward-secrecy
>> by rotating ECH keys regularly. I don't think we're yet at a point
>> where we'd have something that useful to recommend in terms of
>> resolving that tension. (And that's ignoring the tension between
>> wanting, and disliking, ECH;-)
>
> This is explicitly prohibited by rfc9460 as it would provide linkability.
> See rfc9460 section 12: "Clients MUST ensure that their DNS cache is
> partitioned for each local network, or flushed on network changes, to
> prevent a local adversary in one network from implanting a forged DNS
> record that allows them to track users or hinder their connections after
> they leave that network."

Not if the ECH record is DNSSEC signed.

> As an example, an attacker could return ech values with tracking
> information and use that to correlate clients across network changes.
> This seems like a much worse outcome since it could be done server-side
> and could impact all users, not just users
> trying to get privacy from their local network operator.

Running firefox with 40 tabs and switching networks, and those tabs getting reloaded requiring DNS lookups because the cache got flushed is surely the easiest and best fingerprinting any attacker could wish for out of my laptop. Flushing DNS on each network change is extremely unwise, even if 9460 limits that advice to flushing ECH records. But as stated in this thread already, if ECH records are not DNSSEC signed, and you didn't have a trustworthy preconfigured DoH/DoT, then ECH is pointless on that network anyway. You would be handing over your trust to an unknown and possibly untrusted party.

And in these days of wifi networks at shopping malls being designed for tracking which shops you visit, trusting random wifi hotspots for privacy (and maintained security to prevent privacy loss through security breaches) is your worst choice.

Paul
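A small model of the per-network cache partitioning that the RFC 9460 section 12 text quoted above requires, together with the DNSSEC-validated carve-out argued for in this thread: unvalidated HTTPS/ECH answers are only visible on the network that supplied them, while validated answers (which a local network cannot forge) survive a network change without a re-query. This is an added illustration, not code from anyone on the thread; `HttpsRecordCache`, its fields and the network names are hypothetical, and the injected clock is there so expiry can be exercised offline.

```python
from dataclasses import dataclass


@dataclass
class CachedHttps:
    ech_config: bytes        # the ech SvcParam value from the HTTPS record
    expires_at: float        # absolute time (seconds) at which the TTL runs out
    dnssec_validated: bool   # True only if the resolver set the AD bit / validated


class HttpsRecordCache:
    """Hypothetical HTTPS/SVCB record cache partitioned per local network.

    RFC 9460 s.12 requires the cache to be partitioned per network or flushed on
    network change. Here unvalidated answers go into the partition of the network
    that supplied them; DNSSEC-validated answers go into a shared partition, since
    a local adversary cannot forge them and so cannot use them for tracking.
    """
    SHARED = "__dnssec_validated__"   # constructed sentinel, not a real network id

    def __init__(self, clock):
        self._clock = clock           # callable returning the current time in seconds
        self._partitions = {}         # partition key -> {name: CachedHttps}

    def insert(self, network, name, ech_config, ttl, dnssec_validated):
        key = self.SHARED if dnssec_validated else network
        self._partitions.setdefault(key, {})[name] = CachedHttps(
            ech_config, self._clock() + ttl, dnssec_validated)

    def lookup(self, network, name):
        """Return the live entry visible on `network`, or None (stale ones are evicted)."""
        now = self._clock()
        for key in (self.SHARED, network):
            entry = self._partitions.get(key, {}).get(name)
            if entry is None:
                continue
            if entry.expires_at <= now:
                del self._partitions[key][name]
                continue
            return entry
        return None

    def leave_network(self, network):
        """The flush alternative RFC 9460 allows: drop only that network's partition."""
        self._partitions.pop(network, None)
```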
_______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org