On Mon, 16 Jul 2018, Tony Finch wrote:

> Ben Schwartz <[email protected]> wrote:
> 
> > (I suspect they might object to the multi-query session semantics, or the
> > wide variety of TLS ClientHellos, but I don't actually know.)
> 
> Multi-query sessions are much less objectionable than one-shot sessions:
> you amortize both the session setup crypto costs and the latency. (If you
> have a browser-like spiky query profile then sessions don't need much
> idle time to win.)

Not from a privacy point of view. Me opening my laptop with 15 browser tabs
is basically guaranteed to fingerprint me completely.

There are of course other mitigations (no cache flush between network
switching, prefetching, etc) and I don't think the user can afford every
single DNS query to start its own TCP connection, but not allowing one
shot sessions would be rather drastic.

Paul

_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
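The trade-off argued above (Tony's amortization point against Paul's linkability point) can be made concrete with a small simulation. The following is an added example, not code from either poster or from the dns-privacy list: it builds a constructed browser-like query burst (15 restored tabs, four names each, plus a few isolated background queries), then groups the queries into TLS connections under a one-shot policy and under connection reuse with a given idle timeout. Timings, names and the `site0.example`-style labels are all constructed sample data; the per-query handshake count stands in for "session setup crypto costs", and the size of the largest name set on one connection stands in for what an on-path observer or resolver can tie together.

```python
"""
Added example: effect of DNS-over-TLS connection reuse on TLS handshake
count and on how many query names become linkable over one connection.
Not code from the dns-privacy thread; all timings and names are constructed.
"""
from collections import namedtuple

Query = namedtuple("Query", ["t_ms", "qname"])

TABS = 15
PER_TAB = ("www", "static", "api", "img")  # names one page load typically resolves


def browser_profile():
    """Constructed profile: 15 tabs restored at once, each resolving four
    names 20 ms apart with tabs staggered 100 ms, followed by three isolated
    background queries at 30 s, 90 s and 150 s."""
    events = []
    for tab in range(TABS):
        for k, label in enumerate(PER_TAB):
            events.append(Query(tab * 100 + k * 20, f"{label}.site{tab}.example"))
    for t in (30_000, 90_000, 150_000):
        events.append(Query(t, "mail.site0.example"))
    return sorted(events)


def connections(events, idle_timeout_ms):
    """Group queries into TLS connections.

    idle_timeout_ms=None models a one-shot client (new connection per query).
    Otherwise the open connection is reused while the gap since its last
    query is <= idle_timeout_ms, and a fresh one is opened after that.
    Returns one set of qnames per connection, in order of opening."""
    groups = []
    last_t = None
    for q in events:
        stale = last_t is not None and q.t_ms - last_t > idle_timeout_ms if idle_timeout_ms is not None else True
        if not groups or stale:
            groups.append(set())
        groups[-1].add(q.qname)
        last_t = q.t_ms
    return groups


def handshakes(events, idle_timeout_ms):
    """Number of full TLS handshakes the client pays for this profile."""
    return len(connections(events, idle_timeout_ms))


def largest_linked_set(events, idle_timeout_ms):
    """Most distinct names an observer can tie together because they
    travelled over a single connection."""
    return max(len(g) for g in connections(events, idle_timeout_ms))


def sites_linked(events, idle_timeout_ms):
    """Distinct 'siteN' labels visible on the busiest connection."""
    busiest = max(connections(events, idle_timeout_ms), key=len)
    return len({name.split(".")[1] for name in busiest})


if __name__ == "__main__":
    profile = browser_profile()
    print(f"{len(profile)} queries; idle_timeout -> handshakes / largest linked set / sites linked")
    for idle in (None, 20, 50, 2_000, 60_000):
        label = "one-shot" if idle is None else f"{idle:>6} ms"
        print(f"{label:>9}: {handshakes(profile, idle):>3} / "
              f"{largest_linked_set(profile, idle):>3} / {sites_linked(profile, idle):>3}")
```

With this profile a 50 ms idle timeout already collapses the 60-query burst into a single handshake (four connections in total instead of 63), which is the amortization Tony describes; the same run shows why Paul objects, since that one connection now carries the names of all 15 sites as one linkable set, and a 60 s timeout additionally links the later background queries to the burst.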
