ietf-wg-ohai / oblivious-http

Oblivious HTTP

Independent HTTPS connection implications #56

Closed chris-wood closed 3 years ago

chris-wood commented 3 years ago

Clients and proxies create independent TLS connections to the upstream node in the OHTTP chain. This raises some interesting questions:

The ODoH model does not assume a secure connection between proxy and target, so I don't think this has an effect on the security properties of OHTTP. That said, it may be worth noting explicitly, if we don't already do so.

martinthomson commented 3 years ago

Yeah, the same applies here. We rely on the proxy not leaking certain information, but that does not necessarily extend to a reliance on TLS for that hop. Worth noting.