Only if the attacker has a valid certificate for the domain to complete the handshake with. Relyin...

jeroenhd • today at 10:15 AM • 2 replies • view on HN

Only if the attacker has a valid certificate for the domain to complete the handshake with.

Relying on HTTPS and SVCB records will probably allow a downgrade for some attackers, but if browsers roll out something akin to the HSTS preload list, then downgrade attacks become pretty difficult.

DNSSEC can also protect against malicious SVCB/HTTPS records and the spec recommends DoT/DoH against local MitM attacks to prevent this.

Replies

tptacek • today at 5:29 PM

DNSSEC can't protect against an ECH downgrade. ECH attackers are all on-path, and selectively blocking lookups is damaging even if you can't forge them. DoH is the answer here, not record integrity.

➕ show 1 reply

johnisgood • today at 12:30 PM

> but if browsers roll out something akin to the HSTS preload list, then downgrade attacks become pretty difficult.

Can you explain why, considering it is at the client's side ("browsers")?

➕ show 1 reply

alt Hacker News

Replies