The "Fingerprinting & Client Privacy" section suggests that the trust store identifier should be as specific as possible, and will inherently be able to be used as a way to disambiguate Chromium derivatives. This is false.
The decision of how specific an identifier to use in trust expressions is a tradeoff left to the user, and the draft provides guidance. The Trust Expressions draft describes the identifier as selecting an anonymity set, including cross-client for those clients that sit downstream of another root program, and suggests that it should be versioned only when it changes. See Section 10, Privacy Considerations. It also notes that Chromium derivatives could share the same identifier.
The TLS WG does not hold RFCs to the standard of “what is the worst possible configuration for an anonymity set”---if it did, ECH would be seen as providing no privacy value, as it is possible to use it with a 1:1 mapping from key to domain.
The privacy properties of Trust Expressions are discussed in the draft, and have gone through several rounds of updates. Please ensure your analysis is based on the most up-to-date version of the draft.