Christian Huitema <[email protected]> wrote:
>
> An attacker could replay the 0-RTT packet, and observe whether it
> creates a particular side effect at the server end. For example, replay
> the traffic from client to recursive, and observe whether the resolver
> issues a query to a particular DNS server.

Ah, yes, if you can see the upstream queries, even when encrypted they are
quite a lot more leaky than the cache side channel.

I'm now imagining a resolver that sends steganographic chaff queries when
there's a cache miss :-)

Tony.
--
f.anthony.n.finch <[email protected]> http://dotat.at/
people involved in running their communities

_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
