On Thu, Nov 13, 2014 at 10:24:13AM -1000, Phillip Hallam-Baker wrote:
> I see two distinct use cases:
>
> 1) Web browsing
> 2) Everything else.
>
> The challenges for (1) are latency, latency and latency.
>
> Shaving 10ms off the response of a browser is very important to the
> Web browser team. Folk can argue that it should not be, but that is
> the situation.
Perhaps this is a case where anyone wishing to make use of the additional privacy/security features provided from using DNS over TLS will need to accept the trade-off that the addition comes at a performance cost? Especially if you consider the case where your local (stub?) resolver caches the responses, I would imagine that after the first few minutes of browsing, once the cache is reasonably populated, the overall performance impact of the changes will approach nil.

> If we are going to do DNS over TLS then looking at the existing Back
> to my MAC protocol makes sense. But the caveat is that does not look
> like an application where ultra-low latency is a requirement.
>
> There are two ways to address the latency issue for Web browsing:
>
> 1) Design a protocol tuned for ultra low latency with 1 round trip over UDP.
> 2) Combine the DNS requests with other data requests that the browser
> would make.
>
> Private-DNS takes approach 1
> OmniQuery takes approach 1 and 2
>
> Once you decide to combine data feeds, you have changed the protocol
> anyway and might as well tune for performance.
>
> On Tue, Nov 11, 2014 at 2:45 PM, Stuart Cheshire <[email protected]> wrote:
> > I’m unable to attend the DPRIVE meeting in person because it overlaps with
> > TAPS.
> >
> > I see on the agenda discussion of items like Private DNS and DNS over TLS.
> >
> > A historical note: Apple’s Back to My Mac service uses DNS over TLS to
> > provide confidentiality for the queries. This is described in RFC 6281.
> >
> > The client looks up the SRV record “_dns-query-tls._tcp.example.com” to
> > find the target host and port which will answer DNS-over-TLS queries for
> > the domain “example.com”, and then the client sends subsequent queries for
> > “example.com” names directly there (bypassing the local DNS cache).
> >
> > Stuart Cheshire
> >
> > _______________________________________________
> > dns-privacy mailing list
> > [email protected]
> > https://www.ietf.org/mailman/listinfo/dns-privacy

-- 
Joshua Smith
Lead Systems Administrator
WVNET
Montani Semper Liberi
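The two-step exchange Stuart describes (SRV lookup, then direct queries over TLS), as an added Python example that is not code from the thread, from RFC 6281 or from Apple. The SRV answer is a constructed sample (port 853 and the target dns.example.com are made-up values), and the direct query uses the two-byte length prefix that DNS over TCP uses.

```python
import socket
import ssl
import struct
SRV_TYPE, A_TYPE, CLASS_IN = 33, 1, 1

def dot_srv_name(domain: str) -> str:
    """Owner name of the SRV record that advertises a domain's DNS-over-TLS server."""
    return "_dns-query-tls._tcp." + domain.rstrip(".")

def encode_name(name: str) -> bytes:
    """Wire-format name: length-prefixed labels ending in a zero byte (no compression)."""
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in name.rstrip(".").split(".")) + b"\x00"

def build_query(name: str, qtype: int, txid: int = 0x1234) -> bytes:
    """Minimal RFC 1035 query: header with RD set and one question, then the question."""
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)

def frame_tcp(msg: bytes) -> bytes:
    """DNS over TCP (and so over TLS) prefixes each message with its 2-byte big-endian length."""
    return struct.pack("!H", len(msg)) + msg

def parse_srv_rdata(rdata: bytes) -> tuple:
    """(priority, weight, port, target) from SRV RDATA; the target name is never compressed."""
    prio, weight, port = struct.unpack("!HHH", rdata[:6])
    labels, pos = [], 6
    while rdata[pos] != 0:
        n = rdata[pos]
        labels.append(rdata[pos + 1:pos + 1 + n].decode("ascii"))
        pos += n + 1
    return prio, weight, port, ".".join(labels)

def query_over_tls(host: str, port: int, query: bytes) -> bytes:
    """Send one framed query straight to the SRV target over TLS and return the raw answer.
    create_default_context() verifies the certificate and hostname, so an on-path host cannot stand in for the target."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=5) as raw, ctx.wrap_socket(raw, server_hostname=host) as tls:
        tls.sendall(frame_tcp(query))
        rd = tls.makefile("rb")
        length = int.from_bytes(rd.read(2), "big")
        return rd.read(length)

# Constructed sample SRV answer: priority 10, weight 5, port 853, target dns.example.com.
SAMPLE_SRV_RDATA = b"\x00\x0a\x00\x05\x03\x55" + encode_name("dns.example.com")

if __name__ == "__main__":
    # Step 1 would be an ordinary lookup of dot_srv_name("example.com") via the local resolver (which therefore sees it).
    _, _, port, target = parse_srv_rdata(SAMPLE_SRV_RDATA)
    # Step 2: later "example.com" queries bypass the local cache; query_over_tls(target, port, ...) sends them directly.
    print(target, port, frame_tcp(build_query("www.example.com", A_TYPE)).hex())
```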
