On Fri, Feb 17, 2017 at 9:47 PM, John R Levine wrote:
> 1. Multiple domains on the same host set the same SNI record. Possession
>> of a global DNS database is no help to the adversary. The adversary still
>> cannot distinguish the domains. This is the intended use.
>>
>
> Now I'm really confu
1. Multiple domains on the same host set the same SNI record. Possession
of a global DNS database is no help to the adversary. The adversary still
cannot distinguish the domains. This is the intended use.
Now I'm really confused. If the SNI value is just a cover name, and the
client's going
I wrote a similar draft a few years ago which I've been considering
resurrecting if there is interest:
https://tools.ietf.org/html/draft-nygren-service-bindings-00
One of the big challenges that at least in the web context, browsers want
to make as few DNS lookups as possible prior to making
In article
you write:
>I know this approach is controversial, so I'm also very curious to hear any
>suggestions of other ways that we could fix this privacy leak without
>slowing down everyone's connections.
I have problems with the word "other". This approach depends for its
security on the as
For those following along with this draft, I've just published -04.
--
Wes Hardaker
USC/ISI
___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
Hi,
Just rereading before the meeting.
Re:
> If there is an IETF process through which a name can be assigned at
> zero cost other than time, this process will be used as an alternative
> to purchasing the name through ICANN.
perhaps just a small thing but it is not really a purchase but more
On 02/17/2017 12:21 AM, Wes Hardaker wrote:
> Wes Hardaker writes:
>
>> Fortunately, after a quick conversation we've recovered the reason.
>> Publishing a new version with a break-out explanation shortly. The 3/2
>> is absolutely is needed.
>
> I've published -03 which adds new text just below