[Cryptography] Novelty versus reuse
Lee Clagett
forum at leeclagett.com
Tue Jun 29 17:42:03 EDT 2021
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Monday, June 28th, 2021 at 10:10 AM, Bill Woodcock <woody at pch.net> wrote:
> So, I’m not a cryptographer. At all. Could any of y’all who actually are help me understand why this:
>
> draft-irtf-cfrg-rsa-blind-signatures-00
>
> …is preferable for authenticating DoH clients to DoH servers, rather than using, say, realm auth, or client certificates? In, you know, explain-like-I’m-five language?
>
> I get that realm auth and client certs are really old, but what would make them less appropriate for this task, and is the RSA blind signature thing standardized enough in other contexts that it’s no more work to implement on an HTTPS connection than a client cert or realm auth would be?
>
Is this for their new "oblivious dns over https" ? RSA blind signatures
should be useful in their attempts to create a blinded proxy. The other
approaches leak information to the client unless another encryption
layer is used (thus RSA blind signatures).
Lee
More information about the cryptography
mailing list