Closed tireddy2 closed 1 year ago
tfpauly
commented
2 years ago I was thinking that either you would:
tireddy2
commented
2 years ago I like the first approach compared to the proprietary method :)
tireddy2
commented
2 years ago I see draft-schwartz-ohai-consistency-doublecheck solves the problem by including the DoH path in the service description host.
tfpauly
commented
2 years ago Yeah, that works if you have some such dictionary file.
tireddy2
commented
2 years ago we may want to consider using a separate section to list the possible remediation mechanisms to detect unique DoH path attack.
Some options include: only allow common DoH paths (such as the de-facto default "/dns-query{?dns}"); performing consistency checks by fetching the information about the resolver over multiple resolution paths; or coordinating with a trusted oblivious relay to validate that DoH paths are common across clients using the same gateway.
Comment> The consistency check discussed above in security considerations section is not clear to me. For example, in case of DNR, the client will use DHCP/RA to learn the DoH path and it can use discovered ADN or Do53 to do the the SVCB lookup to cross-check both DoH paths are matching.
I don't get how the client will co-ordinate with a oblivious relay to validate that DoH path. Is the client supposed to use the de-facto URI path to retrieve the actual URI path from the Oblivious DoH service.