You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: report/deployment/incentives.md
+5-2Lines changed: 5 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,12 +1,15 @@
1
1
# Deployment Incentives
2
2
3
-
This section looks which organizations have interests in deploying ECH.
3
+
As mentioned in the [overview](../index.md) section, we see a game-theoretic problem: most organisations which host web services might not have the proper incentives to protect the client's privacy without additional rewards: they have no incentive to do so. Instead, managing the complex ECH setup, adds additional business continuity risks.
4
+
5
+
Therefore, this section looks at organizations which could have an interest in deploying ECH.
4
6
5
7
## Anti-Censor and Anti-Oppression
6
8
7
9
Various organizations that address humans in countries and regions with oppression and legal pressure, like human rights organisations have an interest in protecting their website vistors' identity and thus using ECH as well as protect their website behind CDNs to reduce the risk of de-anonymization by traffic correlation analysis.
8
10
9
11
In all regions, the same applies to whistle-blower platforms which are possible under close observation by political, legal or corporate organizations.
12
+
10
13
## Malware - C2 operators
11
14
12
15
Unencypted SNI/Client Hello and TLS Metadata (cipher suite lists, advertised extensions) are being used to identify malware-generated traffic, e.g.: <https://blogs.cisco.com/security/detecting-encrypted-malware-traffic-without-decryption>
@@ -16,7 +19,7 @@ Currently, the usage of ECH is very low and thus in itself suspicious. To hide t
16
19
17
20
## Pornography industry
18
21
19
-
Starting with February 2019, South Korea started blocking TLS-encrypted traffic to sites forbidden by the policies, most prominently pornography.
22
+
Starting with February 2019, South Korea started blocking TLS-encrypted traffic to sites forbidden by the policies, most prominently pornography.
20
23
The porn industry, being blocked, has therefore a commercial interest in using ECH, which allows them to reach customers in an entire 50-million-inhabitant country.
21
24
22
25
-[South Korea to Extend Site Blocking by Snooping on SNI - technadu.com, August 1st, 2021](https://www.technadu.com/south-korea-extend-site-blocking-snooping-sni/58125/)
Copy file name to clipboardExpand all lines: report/deployment/overview.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -47,7 +47,7 @@ The ZF must be aware of the following:
47
47
48
48
The ZF requires write access to the zone files and must have the capability to reload the nameserver configuration. This setup is non-trivial for a systems administrator, as misconfigurations or oversights can introduce complications.
49
49
50
-
It is imperative to secure the WKECH directory: it must contain only public keys, be immutable (including to any aliases), and limit access solely to the web server itself. For more information, please refer to the section on [WKECH](../../weaknesses/wkech).
50
+
It is imperative to secure the WKECH directory: it must contain only public keys, be immutable (including to any aliases), and limit access solely to the web server itself. For more information, please refer to the section on [WKECH](../../weaknesses/wkech.md).
Copy file name to clipboardExpand all lines: report/index.md
+14-7Lines changed: 14 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -19,15 +19,22 @@ While ECH provides privacy improvements over cleartext SNI, the protocol also in
19
19
20
20
From the clients' perspective, the main question is:
21
21
22
-
- which DoH/DoT recursive servers can one use? Are they even reachable from within the country of the client? Or are they blocked, re-directed or manipulated? Untrusted DoH/DoT recursive servers pose a problem
23
-
- Can the client detect downgrade attacks and how does it deal with them? The RFC standard is a big vague here (["...the client SHOULD abandon its attempt to reach the service"](https://www.rfc-editor.org/rfc/rfc9460.html#name-handling-resolution-failure))
22
+
- which DoH/DoT recursive servers can one use? Are they even reachable from within the country of the client? Or are they blocked, re-directed or manipulated? Untrusted DoH/DoT recursive servers pose a security as well as a privacy problem.
23
+
- Can the client detect downgrade attacks and how does it deal with them? The RFC standard is a big vague here (SHOULD vs. MUST) (["...the client SHOULD abandon its attempt to reach the service"](https://www.rfc-editor.org/rfc/rfc9460.html#name-handling-resolution-failure))
24
24
25
25
In addition, the authors of this report see two major concerns with ECH deployments for the internet as a whole:
26
26
27
-
1. ECH leads to more centralization of the internet: the CDNs will profit. More centralization actually leads to more data being in the hands of one or a handful of organisations only. Therefore, the risk of de-anonymization by combining and correlating different data sets (ECH configs, DNS recursor query logs (such as [passive DNS](https://www.ietf.org/archive/id/draft-dulaunoy-dnsop-passive-dns-cof-12.html), DNS query traces), [Certificate transparency logs (CTLs)](https://datatracker.ietf.org/doc/rfc6962/)) actually *increases*: any organisation combining these data sets could most probably completely de-anonymize the traffic
28
-
2. The complexity of the protocol and the setup costs (in terms of manpower) favor the large players. Smaller players might make mistakes in their setups.
29
-
3. Small and medium size organisations often don't host that many services on one IP address anyway. See "[The web is still small after more than a decade](https://www.researchgate.net/publication/341627684_The_web_is_still_small_after_more_than_a_decade)", Nguyen Phong Hoang, et. al. Therefore the anonymity data set is usually small. Guessing and inferring which hostname a client connected to is trivial in this case.
30
-
4. Smaller and medium sized organisations won't necessarily profit from protecting the clients' privacy. Exceptions are listed in [incentives](deployment/incentives.md)
27
+
1. ECH depends on multiple protocols and specifications to work together seamlessly. The protocol's fundamental reliance on DNS creates a large attack surface that inherits all DNS security issues.
28
+
In addition to DNS, quite a few other protocols are involved. This creates an even bigger attack surface. The interfaces between protocols are usually interesting targets for attackers. We recommend that the authors of the RFC drafts closely take a look at these edge-case vulnerabilities. The report highlights some of those such as the WKECH interface between DNS zones and CFS/backend servers.
29
+
2. ECH leads to more centralization of the internet: the CDNs will profit. More centralization actually leads to more data being in the hands of only one or just a handful of organisations. Therefore, the risk of de-anonymization by combining and correlating different data sets (ECH configs, DNS recursor query logs (such as [passive DNS](https://www.ietf.org/archive/id/draft-dulaunoy-dnsop-passive-dns-cof-12.html), DNS query traces), [Certificate transparency logs (CTLs)](https://datatracker.ietf.org/doc/rfc6962/)) actually *increases*: any organisation combining these data sets could most probably completely de-anonymize the traffic.
30
+
3. The complexity of the protocol and the setup costs (in terms of manpower) favor the large players. Smaller players might make mistakes in their setups.
31
+
4. Small and medium size organisations often don't host that many services on one IP address anyway. See "[The web is still small after more than a decade](https://www.researchgate.net/publication/341627684_The_web_is_still_small_after_more_than_a_decade)", Nguyen Phong Hoang, et. al. Therefore the anonymity data set is usually small. Guessing and inferring which hostname a client connected to is trivial in the case that one IP address only hosts one service with one hostname.
32
+
5. Smaller and medium sized organisations won't necessarily profit from protecting the clients' privacy. Exceptions are listed in [incentives](deployment/incentives.md). So why should they bother deploying ECH (and risking downtime)? We have a game-theoretic problem here. Which in turn will only lead to more centralization (see 3.) which will lead to 2.
33
+
34
+
Nevertheless, apart from these overall considerations, we recommend that organizations wishing to deploy ECH should prioritize
35
+
36
+
- security controls around DNS infrastructure,
37
+
- implement robust monitoring for ECH-related attacks,
38
+
- and prepare for the operational complexity introduced by the protocol's multi-layer dependencies.
31
39
32
-
Organizations considering ECH deployment should prioritize security controls around DNS infrastructure, implement robust monitoring for ECH-related attacks, and prepare for the operational complexity introduced by the protocol's multi-layer dependencies.
0 commit comments