Path: ...!weretis.net!feeder9.news.weretis.net!tncsrv06.tnetconsulting.net!tncsrv09.home.tnetconsulting.net!.POSTED.198.18.1.11!not-for-mail
From: Grant Taylor <gtaylor@tnetconsulting.net>
Newsgroups: comp.misc
Subject: Re: [LINK] Calling time on DNSSEC?
Date: Wed, 4 Dec 2024 19:19:55 -0600
Organization: TNet Consulting
Message-ID: <viqv3r$l6j$1@tncsrv09.home.tnetconsulting.net>
References: <67464f37@news.ausics.net>
 <vi68n4$k3r$1@tncsrv09.home.tnetconsulting.net>
 <wwva5dlul1r.fsf@LkoBDZeT.terraraq.uk>
 <vi8tkg$8ha$1@tncsrv09.home.tnetconsulting.net>
 <wwva5dj91v4.fsf@LkoBDZeT.terraraq.uk> <vim7jd$3t1l3$1@dont-email.me>
 <viobpa$s79$2@tncsrv09.home.tnetconsulting.net>
 <wwvjzcf6dva.fsf@LkoBDZeT.terraraq.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Thu, 5 Dec 2024 01:19:55 -0000 (UTC)
Injection-Info: tncsrv09.home.tnetconsulting.net; posting-host="198.18.1.11";
	logging-data="21715"; mail-complaints-to="newsmaster@tnetconsulting.net"
User-Agent: Mozilla Thunderbird
Content-Language: en-US
In-Reply-To: <wwvjzcf6dva.fsf@LkoBDZeT.terraraq.uk>
Bytes: 1771
Lines: 18

On 12/4/24 02:39, Richard Kettlewell wrote:
> Better than nothing, although in many cases I’d expect that traffic 
> analysis could be used to narrow down which site was being visited 
> even without name information being available.

Yes, traffic analysis can infer and / or interfere with things.

There's also domain fronting.  }:-)

> If there’s multiple sites served by a single IP address then the 
> attack can just indiscriminately block all of them. Encrypting name 
> information can’t prevent that.

Quite ;-)



-- 
Grant. . . .