Mikaela/mikaela.github.io
1
0
Fork 0
mirror of https://github.com/mikaela/mikaela.github.io/ synced 2025-01-24 19:24:19 +01:00
Code Issues Projects Releases Wiki Activity

n/dns.md: add ECH section

Browse Source
This commit is contained in:
Aminda Suomalainen 2024-04-25 11:09:25 +03:00
parent eabc3b013a
commit 494b02099a
Signed by: Mikaela
SSH Key Fingerprint: SHA256:CXLULpqNBdUKB6E6fLA1b/4SzG0HvKD19PbIePU175Q
1 changed files with 17 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
n/dns.md
View File

@ -4,6 +4,8 @@ permalink: /n/dns.html
redirect_from: redirect_from:
- /n/ffupdater.html - /n/ffupdater.html
- /n/rethink.html - /n/rethink.html
- /n/esni.html
- /n/ech.html
sitemap: false sitemap: false
--- ---
@ -15,6 +17,7 @@ _For DNS resolvers, refer to [r/resolv.tsv](/r/resolv.tsv)_
<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE --> <!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
- [Identifying DNS resolver](#identifying-dns-resolver) - [Identifying DNS resolver](#identifying-dns-resolver)
- [Identifying ECH support](#identifying-ech-support)
- [To ECS or not to ECS?](#to-ecs-or-not-to-ecs) - [To ECS or not to ECS?](#to-ecs-or-not-to-ecs)
- [Identifying support for client-subnet](#identifying-support-for-client-subnet) - [Identifying support for client-subnet](#identifying-support-for-client-subnet)
- [Mobile applications](#mobile-applications) - [Mobile applications](#mobile-applications)
@ -35,6 +38,20 @@ _For DNS resolvers, refer to [r/resolv.tsv](/r/resolv.tsv)_
The above list is based on [redirect2me/which-dns README alternatives section](https://github.com/redirect2me/which-dns/blob/main/README.md) The above list is based on [redirect2me/which-dns README alternatives section](https://github.com/redirect2me/which-dns/blob/main/README.md)
### Identifying ECH support
At it's current state of implementation, Encrypted Client-Hello requires
DNS-over-HTTPS in the browser level or it won't be used. If downgrade from
application level DoH to OS resolver is allowed, ECH will get disabled at
least temporary. Thus I think this list belongs here close enough.
- [Cloudflare Browser Check](https://www.cloudflare.com/ssl/encrypted-sni/)
which still speaks of ESNI, while ECH replaced Encrypted Server Name
Indication ages ago.
- [crypto.cloudflare.com/cdn-cgi/trace](https://crypto.cloudflare.com/cdn-cgi/trace),
look for `sni=encrypted`.
- [tls-ech.dev](https://tls-ech.dev/)
## To ECS or not to ECS? ## To ECS or not to ECS?
[_Understanding the Privacy Implications of ECS_](https://yacin.nadji.us/docs/pubs/dimva16_ecs.pdf) [_Understanding the Privacy Implications of ECS_](https://yacin.nadji.us/docs/pubs/dimva16_ecs.pdf)