On 8/10/2020 9:26 PM, Peter Gutmann wrote: > Christopher Wood <c...@heapingbits.net> writes: > >> For the benefit of the list, would you mind sharing these references? > I handwaved this one because I don't catalogue these things and didn't want to > try and re-locate every preprint, paper, and report that's drifted across my > desk in the last 6-12 months to try and find the relevant stuff... a recent > one that I remember because it was published just a few days ago at Usenix > Security after existing as an arXiv preprint for over a year, that's not ESNI > but eDNS so almost the same thing, was "Padding Ain't Enough: Assessing the > Privacy Guarantees of Encrypted DNS" which reports, and references other > papers which report, an 80-90% success rate in de-anonymising encrypted DNS. > The ESNI de-anonymisation is the standard web-site fingerprinting that's been > used in the past to e.g. find people's incomes based on their encrypted > traffic to tax filing sites. In other words it doesn't care whether ESNI is > used or not since it doesn't use it.
Fingerprinting is a real issue but from the reports, this is not what is happening here. The researcher's experiments isolate a simple pattern matching technique applied to the first client flight. -- Christian Huitema
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
