Conversation
-
@nihl you're asking the right questions and I know half the answers (you're right on track here) but I've reached out to my contact at Bluecoat to seek some more details. I'll forward on what I learn.
-
@nihl yeah I want to know what happens when you reject ESNI or filter out the DNS record for the published key
-
@nihl I initially thought you could steal the ClientHello or carve out the ESNI request to replay the packet and see what they were requesting by reading the certificate in the response, but there is an ephemeral ECDHE key used by the client sent with the request.
Client:
1. look up dns, get key
2. generate ECDHE key for protecting response
3. send ESNI encrypted with key from DNS
4. get response back, encrypted with your ECDHE key
5. decrypt the response and get your cert chain, etc
6. continue as normal
Makes this tricky to intercept if you don't have the client pwned.
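The six-step flow above, simulated end to end as an added example (this is not code from the original posts and not the ESNI draft's real construction: it uses an assumed toy Diffie-Hellman group, an HMAC-based key derivation and a toy encrypt-then-MAC cipher in place of X25519, HKDF and AES-GCM, and a constructed in-memory DNS record). It shows both sides' messages and why a captured or replayed ClientHello does not let an observer read the server's reply: the response key is derived from the client's ephemeral private key, which never leaves the client.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group, assumed for illustration only (not a TLS group):
# the Mersenne prime 2^127 - 1 with generator 3.
P = (1 << 127) - 1
G = 3
TAG_LEN = 32


def dh_keypair():
    """Generate a (private, public) pair in the toy group."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def dh_shared(priv, peer_pub):
    """Raw shared secret as 16 bytes (g^(ab) mod p)."""
    return pow(peer_pub, priv, P).to_bytes(16, "big")


def kdf(secret, label):
    """Derive a per-purpose 32-byte key from the shared secret."""
    return hmac.new(secret, label, hashlib.sha256).digest()


def _keystream(key, length):
    out = b""
    ctr = 0
    while len(out) < length:
        out += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:length]


def seal(key, plaintext):
    """Toy authenticated encryption: XOR keystream, then an HMAC tag."""
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, len(plaintext))))
    return ct + hmac.new(key, ct, hashlib.sha256).digest()


def unseal(key, blob):
    """Check the tag and decrypt; raises ValueError when the key is wrong."""
    ct, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct))))


class Server:
    """Holds the long-lived ESNI key whose public half is published in DNS."""

    def __init__(self):
        self.priv, self.pub = dh_keypair()

    def handle(self, client_hello):
        # Recover the shared secret from the client's ephemeral public key.
        shared = dh_shared(self.priv, client_hello["client_pub"])
        sni = unseal(kdf(shared, b"esni"), client_hello["encrypted_sni"])
        cert_chain = b"CERT for " + sni          # constructed stand-in for a chain
        # Step 4: reply under a key only the client's ephemeral private key yields.
        return seal(kdf(shared, b"response"), cert_chain)


def client_connect(dns, server, hostname):
    server_pub = dns["_esni." + hostname]                       # step 1: key from DNS
    client_priv, client_pub = dh_keypair()                      # step 2: ephemeral key
    shared = dh_shared(client_priv, server_pub)
    hello = {"client_pub": client_pub,                          # step 3: encrypted SNI
             "encrypted_sni": seal(kdf(shared, b"esni"), hostname.encode())}
    response = server.handle(hello)                             # step 4: encrypted reply
    cert_chain = unseal(kdf(shared, b"response"), response)     # step 5: decrypt it
    return hello, response, cert_chain


def observer_can_read(dns, hostname, response):
    """A passive observer has the public DNS key and the captured ClientHello and
    response, but not the client's ephemeral private key; any key it derives
    from a guess fails the tag check, so replaying the hello gains it nothing."""
    guess_priv, _ = dh_keypair()
    shared_guess = dh_shared(guess_priv, dns["_esni." + hostname])
    try:
        unseal(kdf(shared_guess, b"response"), response)
        return True
    except ValueError:
        return False


def demo(hostname="secret.example.com"):
    srv = Server()
    dns = {"_esni." + hostname: srv.pub}            # constructed DNS record
    hello, response, cert_chain = client_connect(dns, srv, hostname)
    return {"cert_chain": cert_chain,
            "observer_reads": observer_can_read(dns, hostname, response)}


if __name__ == "__main__":
    print(demo())
```

Note that filtering the DNS record (the question in the second post) simply makes step 1 fail in this model: `client_connect` raises a `KeyError`, and what a real client does at that point is a policy choice this toy does not model.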