On Fri, Jan 10, 2020 at 8:55 AM Stephane Bortzmeyer <[email protected]> wrote:
> On Thu, Jan 09, 2020 at 10:29:29AM -0800,
>  Eric Rescorla <[email protected]> wrote
>  a message of 181 lines which said:
>
> > > It means a standards compliant DoT implementation will have no
> > > client identifiers, a standards compliant DoH implementation is
> > > free to (and likely) to include them.
> >
> > [Citation needed]
>
> I'm not sure I understand your remark. Do you mean that Sara's
> sentence should be backed up with specific references? I mean, since
> DoH is HTTP and HTTP (unlike DNS) has a lot of headers that, together,
> can identify a client, is it enough to reference HTTP RFCs to support
> the claim?

1. I don't really know what "client identifiers" means. If it means "things that identify the implementation" then that isn't really correct, because the TLS ClientHello is quite characteristic.

2. "quite likely" is just speculation and given that Firefox, at least, is removing the User-Agent string (https://bugzilla.mozilla.org/show_bug.cgi?id=1543201), I think the evidence actually points in the other direction. If it's

-Ekr
_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
