foobuzz

by Valentin, August 11 2018, in tech

Let's not forget about SNI

Mozilla is launching one of their "shield studies" (experimental features they push on Firefox Nightly or some low percentage of regular Firefox's users) which consists in using DNS over HTTPS with Cloudflare's DNS (1.1.1.1) by default.

As for anything over HTTPS, DNS over HTTPS (DoH) brings two guaranties:

  1. Encryption: nobody can spy on the domain name being resolved between you and the resolver
  2. Authenticity: the result of the DNS query has not been altered in transit between the resolver and you

The reason Mozilla uses Cloudflare as the default provider is firstly because in order for DoH to work, the resolver must support it, which isn't the case for many default ISP's own resolvers (used by default by most users), and secondly because they think ISPs cannot be trusted whereas Cloudflare should be: they link this page, by stating that it constitutes a "very strong privacy agreement", which seems legit since there literally is the word "promise" in it. Forgive my skepticism, but I find this part of Mozilla's argumentation rather clumsy. A recent blog post shares my doubts.

What everybody seems to forget about, however, is that in any case ISPs can still spy on the domains their users connect to. When a browser wants to start an HTTPS connection with a server, first the IP of the domain is resolved (using DNS, or DoH, as it happens), then the browser asks the server for its certificate (some data which proves that the server really is the one it says it is) using the resolved IP to route the request. However, since multiple domains can be hosted behind the same IP address, and a certificate only validates one domain, the browser must send the domain alongside the IP, so that the server can know what certificate to answer with. All of this passes through the user's ISP in clear.

This is called Server Name Indication (SNI), and you can read more about it in this very good StackOverflow answer. As you may guess, some users on Reddit already made the remark, as well as on Hacker News.

In conclusion, even if ISPs would be considered less trusted than a centralized provider, using a centralized DNS provider doesn't quite solve the problem since the domain are still sent in clear to the ISP. Although extracting the domains from TLS handshakes might be technically more complicated than just looking at DNS logs, if we're assuming malicious ISPs in a first place, there is no reason they wouldn't do it.