Things like ECH require interaction with the DNS. From discussion at IETF 110, it sounds like those records are baked into the clients.
It would be good to formalize how the relevant DNS RRs are handed to the endpoints. This would permit modeling an attacker who is capable of observing/delaying/tampering with DNS responses.