-
Jari says:
> [O]ne thing that is not discussed but perhaps should be is the role of discovery. We seem to have an increasing number of solutions that are built for relatively fixed linkages between…
-
Today I noticed weboost.com hangs while loading because the images that come from assets.wilsonelectronics.com are blocked.
assets.wilsonelectronics.com resolves to Cloudflare IPs for me:
104.26…
-
> Attackers on a network can remove SVCB information from cleartext DNS answers [...] Use of encrypted DNS or DNSSEC also can be used as mitigations.
These two things are very different. DNSSEC pr…
-
The document talks about discovering *targets*, or oblivious target resources. It also specifies a location for a key configuration.
The key configuration is a property of the oblivious ***request*…
-
There are several things wrong here. Since they're in close proximity, it makes more sense to tackle them at once.
1. The colorspace is never checked. Rather the yuv data is just handed off to FFN…
-
This probably covers a bunch of things, so I'll start with a few things that might want to be discovered automatically:
1. Clients might want to ask the oblivious proxy resource which oblivious req…
-
I have just built a Turing Machine and have obliviously taken a wrong turn somewhere. When I turn on the power supply my Tiptop Zeus and any of my other modules with led's flash on and off at a stead…
-
_Not entirely sure how this fits in the threat model, but I thought it is worth documenting this scenario so implementations can pay attention._
### Attack
An oDoH target can abuse the round-robi…
-
Would be nice to implement into DNSecure app also the Apple / Cludflare newly developed ODoH protocol.
At the moment seems that such DNS server is provided by Cloudflare only, but other will follow s…
ghost updated
3 years ago
-
Is it fair to say the goal is that the attacker cannot link clients to corresponding (query, answer) pairs, even when one of proxy P or target T is compromised?
Given that goal, let's do a case ana…