On Wed, Jan 8, 2020 at 6:06 PM Martin Thomson <m...@lowentropy.net> wrote:
> On Wed, Jan 8, 2020, at 23:51, Eric Rescorla wrote:
> > On Tue, Jan 7, 2020 at 8:28 PM Rob Sayre <say...@gmail.com> wrote:
> > > Couldn't servers give out unique URI templates?
> >
> > DoH doesn't specify how the clients get the templates. At least for a
> > Firefox-style TRR program, what you describe can't happen because there
> > is a single fixed template.
>
> It is true that the potential for providing individualized endpoints for
> tracking purposes is an exposure.
> ....
> In the new work we are likely to undertake, this is something we'll have
> to consider, but I don't see it as a huge issue ....
> That is, in the context of pre-existing DNS discovery, I don't believe
> that this creates a new exposure to this style of attack.

I generally agree with this. I do think this concern is relevant in discovered URI templates, and in assessing the value of TLS and Web PKI as signals of trust.

thanks,
Rob