
https://dnscrypt.info/faq/ states for both DNS over HTTPS and DNS over TLS that it

Provides more information than regular DNS to resolver operators in order to fingerprint clients

How so?

lucidbrot

1 Answer


TLS Resumption

TLS Resumption is a mechanism which allows the client to resume a recent TLS session so they can use the previously established session keys to continue encrypted communication and skip the key exchange step in the TLS handshake. However, it also allows sessions to be linked together by the server, so it can be used to track the client over longer periods of time.

A similar problem is presented by TCP Fast Open. Clients can send a TFO cookie to reduce the round trips required to open a TCP connection. However, like TLS resumption, this can be used to uniquely identify the client and track it across sessions.

HTTP Headers

Another way to fingerprint clients would be through User-Agent, Accept-Language and Cache HTTP headers to infer information about the client such as the client version, locale and possibly some information about a subset of the client's history, as mentioned in RFC 8484.

Of course, it's possible to mitigate most of this on the client side, by not utilizing TLS resumption or TCP fast open, and not sending accurate HTTP headers, perhaps even randomizing them (although I am not sure whether any DoH/DoT clients take care of this or not).

nobody
  • Thank you! Does TLS Resumption offer anything more in terms of fingerprinting compared to if the resolver was just looking at the source IP address? – lucidbrot Jul 30 '20 at 09:18
  • @lucidbrot Yes it does. IP addresses can change over time and *several* clients can be using one IP because of NATs. TLS resumption can link sessions from a **specific** client even across IP changes. – nobody Jul 30 '20 at 09:29
  • Even without TLS Resumption, there are so many variables in a TLS handshake, and specifically in what is in the ClientHello packet, that the content can enable pinpointing a specific client out of a crowd. – Patrick Mevzek Aug 03 '20 at 05:11
  • @PatrickMevzek Which variables do you specifically have in mind? – nobody Aug 03 '20 at 07:49
  • All the content of ClientHello, like the list of ciphers and their order, for one. – Patrick Mevzek Aug 03 '20 at 15:25
  • @PatrickMevzek Well they can certainly be used to fingerprint the client, but I doubt they can be used to uniquely identify a specific client. – nobody Aug 03 '20 at 21:03
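As an added illustration of the answer's point that resumption links sessions across IP changes and separates clients sharing a NAT (example code, not from the question, the answer or dnscrypt.info), here is a toy model of what a DoH/DoT resolver can correlate; the IPs and ticket names are constructed sample values:

```python
# Added example: toy resolver-side view of TLS connections to a DoH/DoT resolver.
# Source IPs are constructed values from documentation ranges; tickets are labels.
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Connection:
    src_ip: str
    resumed_ticket: Optional[str]  # ticket the client presented; None = full handshake
    issued_ticket: Optional[str]   # new ticket the server handed out; None = none issued


def link_by_resumption(conns: List[Connection]) -> List[List[int]]:
    """Group connection indices the resolver can tie to one client by following
    the chain of resumption tickets, regardless of the source IP each one used."""
    ticket_group: Dict[str, int] = {}
    groups: Dict[int, List[int]] = {}
    for i, c in enumerate(conns):
        if c.resumed_ticket is not None and c.resumed_ticket in ticket_group:
            gid = ticket_group[c.resumed_ticket]   # resumption links to an earlier session
        else:
            gid = len(groups)                       # full handshake: a fresh, unlinked identity
            groups[gid] = []
        groups[gid].append(i)
        if c.issued_ticket is not None:
            ticket_group[c.issued_ticket] = gid     # later resumptions of this ticket join gid
    return list(groups.values())


def link_by_ip(conns: List[Connection]) -> List[List[int]]:
    """Baseline: what the resolver sees if it only keys on the source address."""
    by_ip: Dict[str, List[int]] = {}
    for i, c in enumerate(conns):
        by_ip.setdefault(c.src_ip, []).append(i)
    return list(by_ip.values())


# Constructed scenario: client A connects from behind a NAT, later moves to a new
# network and resumes; client B sits behind the same NAT and does a full handshake.
WITH_RESUMPTION = [
    Connection("203.0.113.5", None, "tA1"),    # 0: A, full handshake, receives ticket tA1
    Connection("198.51.100.7", "tA1", "tA2"),  # 1: A, new IP, resumes with tA1
    Connection("203.0.113.5", None, "tB1"),    # 2: B, same NAT IP as A's first connection
]
# Same clients with session tickets disabled: no ticket is ever presented or kept.
WITHOUT_RESUMPTION = [Connection(c.src_ip, None, None) for c in WITH_RESUMPTION]

if __name__ == "__main__":
    print("by IP:        ", link_by_ip(WITH_RESUMPTION))            # [[0, 2], [1]]
    print("by resumption:", link_by_resumption(WITH_RESUMPTION))    # [[0, 1], [2]]
    print("tickets off:  ", link_by_resumption(WITHOUT_RESUMPTION)) # [[0], [1], [2]]
```

Keying on IP alone merges A and B and splits A across its two networks, while the ticket chain follows A through the IP change and keeps B apart; with tickets disabled every connection is an unlinked identity, which is the client-side mitigation the answer describes.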