On Fri, Jan 10, 2020 at 8:55 AM Stephane Bortzmeyer <bortzmeyer@xxxxxx> wrote:
> On Thu, Jan 09, 2020 at 10:29:29AM -0800,
> Eric Rescorla <ekr@xxxxxxxx> wrote
> a message of 181 lines which said:
>
> > > It means a standards compliant DoT implementation will have no
> > > client identifiers, a standards compliant DoH implementation is
> > > free to (and likely to) include them.
> > >
> >
> > [Citation needed]
>
> I'm not sure I understand your remark. Do you mean that Sara's
> sentence should be backed up with specific references? I mean, since
> DoH is HTTP and HTTP (unlike DNS) has a lot of headers that, together,
> can identify a client, is it enough to reference HTTP RFCs to support
> the claim?

1. I don't really know what "client identifiers" means. If it means "things that identify the implementation" then that isn't really correct, because the TLS ClientHello is quite characteristic.
2. "quite likely" is just speculation and given that Firefox, at least, is removing the User-Agent string (https://bugzilla.mozilla.org/show_bug.cgi?id=1543201), I think the evidence actually points in the other direction.
If it's
-Ekr
-- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call