Not proving that a local network doesn't have an encrypted resolver #7

Open
chris-box opened this issue Sep 3, 2020 · 1 comment

chris-box commented Sep 3, 2020

On the thread, we discussed limiting the capabilities of this attacker to not worry about proving that a local network doesn't have an encrypted resolver, etc. Chris Wood, can you help here?

Originally posted by @tfpauly in #2 (comment)


chris-box commented Sep 3, 2020

Tiru said: An on-path attacker typically will not be always present in the network; the client can remember that a network-provided encrypted resolver is provided by the network (e.g., store the certificate fingerprint or authentication domain name associated with SSID:BSSID). If the endpoint cannot discover the network-provided resolver when it re-attaches to the network, it can assume an attacker blocked the discovery.
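
A sketch of the remembering scheme described in the comment above, as an added example that is not part of the original thread or of any project code. The `ResolverMemory` class, the `Verdict` names and the sample SSID, BSSID, domain and fingerprint are constructed for illustration, and storing both the authentication domain name and the fingerprint is an assumption.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Optional, Tuple


class Verdict(Enum):
    NO_RESOLVER = "no_resolver"              # none remembered, none offered now
    FIRST_SEEN = "first_seen"                # first resolver seen here; remembered
    MATCH = "match"                          # same resolver as remembered
    CHANGED = "changed"                      # resolver identity differs from memory
    DISCOVERY_BLOCKED = "discovery_blocked"  # remembered one, none discovered now


@dataclass(frozen=True)
class Resolver:
    adn: str          # authentication domain name
    cert_sha256: str  # certificate fingerprint, hex (assumed SHA-256)


class ResolverMemory:
    """Hypothetical per-network memory keyed by (SSID, BSSID)."""

    def __init__(self) -> None:
        self._seen: Dict[Tuple[str, str], Resolver] = {}

    def on_attach(self, ssid: str, bssid: str,
                  discovered: Optional[Resolver]) -> Verdict:
        key = (ssid, bssid.lower())  # BSSIDs are compared case-insensitively
        known = self._seen.get(key)
        if known is None:
            if discovered is None:
                # Cannot tell "network has no resolver" from "discovery was
                # blocked on first attach"; nothing is remembered.
                return Verdict.NO_RESOLVER
            self._seen[key] = discovered
            return Verdict.FIRST_SEEN
        if discovered is None:
            return Verdict.DISCOVERY_BLOCKED
        # A differing fingerprint under the same name may be a routine
        # certificate renewal; the policy decision is left to the caller.
        return Verdict.MATCH if discovered == known else Verdict.CHANGED


if __name__ == "__main__":
    mem = ResolverMemory()
    r = Resolver("dns.example.net", "ab" * 32)  # constructed sample values
    for offer in (r, r, None):
        print(mem.on_attach("CafeWiFi", "AA:BB:CC:00:11:22", offer).value)
```

The `NO_RESOLVER` branch is the case named in the issue title: on a first attachment the client has no memory to compare against, so the absence of a resolver proves nothing either way.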
