Hi,
In Section 6.2 of RFC 9230, it's mentioned that SetupBaseS takes only 2 parameters (pkR, "odoh query"). However, reference implementations are indeed using a randomiser from the client side:

    enc, ctxI, err := hpke.SetupBaseS(suite, rand.Reader, pkR, []byte(ODOH_LABEL_QUERY))

(https://github.com/cloudflare/odoh-go/blob/7c6d9ff448c53e0e546f2afe915ad9608e11f7bd/odoh.go#L471)

This has an implication on target implementations. If Targets assume the randomizer is not present in shared secret derivation, then the Context is unique for the Target Public Key and they may choose not to store/derive it per message per Public Key. If a random seed is present, then contexts are unique only per message (DNS Query). So, this has an interoperability impact, as Encrypt/Decrypt fails for Query Responses if the wrong shared key/Context is used on the Target side.

IMHO, we might need to clarify this in the RFC, either by updating the pseudocode for SetupBaseS or by adding a note that the Target should derive the shared secret/Context with every oblivious DNS query. Or it's implicit somewhere in the RFC?

Regards,
Ravi Mantha
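Added example, not part of the original message and not code from odoh-go or the RFCs: the KEM step (Encap/Decap) that RFC 9180 runs inside SetupBaseS/SetupBaseR, written in Python to show that the sender's randomness makes enc and the shared secret differ per query, so a Target has to derive from each query's enc. It assumes the DHKEM(X25519, HKDF-SHA256) KEM; all function names are illustrative, the X25519 routine is a plain non-constant-time ladder, and the key schedule that mixes in "odoh query" is omitted.

```python
import hashlib, hmac, os

P = 2**255 - 19
BASE = (9).to_bytes(32, "little")  # X25519 base point u = 9

def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 Montgomery ladder. Not constant time: illustration only."""
    n = int.from_bytes(k, "little") & ((1 << 254) - 8) | (1 << 254)  # clamp
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3 = 1, 0, x1, 1
    for t in reversed(range(255)):
        bit = (n >> t) & 1
        if bit:
            x2, z2, x3, z3 = x3, z3, x2, z2
        a, b, c, d = x2 + z2, x2 - z2, x3 + z3, x3 - z3
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, (aa - bb) * (aa + 121665 * (aa - bb)) % P
        if bit:
            x2, z2, x3, z3 = x3, z3, x2, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def mac(key: bytes, *parts: bytes) -> bytes:
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()

def kem_secret(dh: bytes, enc: bytes, pk_r: bytes) -> bytes:
    """RFC 9180 ExtractAndExpand, Nsecret = 32, kem_context = enc || pkR."""
    if len(enc) != 32 or not any(dh):  # malformed enc or all-zero DH output
        raise ValueError("invalid enc")
    prk = mac(b"", b"HPKE-v1KEM\x00\x20eae_prk", dh)
    return mac(prk, b"\x00\x20HPKE-v1KEM\x00\x20shared_secret", enc, pk_r, b"\x01")

def encap(pk_r: bytes, rand=os.urandom):
    """KEM step of SetupBaseS: rand supplies a fresh ephemeral key per query."""
    sk_e = rand(32)
    enc = x25519(sk_e, BASE)
    return kem_secret(x25519(sk_e, pk_r), enc, pk_r), enc

def decap(sk_r: bytes, enc: bytes) -> bytes:
    """Target side (SetupBaseR): the secret is a function of this query's enc."""
    return kem_secret(x25519(sk_r, enc), enc, x25519(sk_r, BASE))

def two_queries():
    """One constructed Target key, two queries: (enc differs, secret differs,
    per-query derivation matches, reusing query 1's derivation for query 2 matches)."""
    sk_r = os.urandom(32)
    (s1, enc1), (s2, enc2) = (encap(x25519(sk_r, BASE)) for _ in range(2))
    return enc1 != enc2, s1 != s2, decap(sk_r, enc2) == s2, decap(sk_r, enc1) == s2

if __name__ == "__main__":
    print(two_queries())
```

Passing a fixed `rand` to `encap` reproduces the same enc and secret on every call, which is the behaviour a Target would be relying on if it derived the context once per public key.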
