Re: [Last-Call] [dns-privacy] Review of draft-ietf-dprive-rfc7626-bis-03

On Wed, Jan 8, 2020 at 6:06 PM Martin Thomson <mt@xxxxxxxxxxxxxx> wrote:
> On Wed, Jan 8, 2020, at 23:51, Eric Rescorla wrote:
> > On Tue, Jan 7, 2020 at 8:28 PM Rob Sayre <sayrer@xxxxxxxxx> wrote:
> > > Couldn't servers give out unique URI templates?
> >
> > DoH doesn't specify how the clients get the templates. At least for a
> > Firefox-style TRR program, what you describe can't happen because there
> > is a single fixed template.
>
> It is true that the potential for providing individualized endpoints for tracking purposes is an exposure.
> ...
> In the new work we are likely to undertake, this is something we'll have to consider, but I don't see it as a huge issue
> ...
> That is, in the context of pre-existing DNS discovery, I don't believe that this creates a new exposure to this style of attack.

I generally agree with this. I do think this concern is relevant in discovered URI templates, and in assessing the value of TLS and Web PKI as signals of trust.

thanks,
Rob 
-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call
