On Nov 13, 2014, at 10:24 AM, Phillip Hallam-Baker <[email protected]> wrote:
> I see two distinct use cases:
>
> 1) Web browsing
> 2) Everything else.
>
> The challenges for (1) are latency, latency and latency.
>
> Shaving 10ms off the response of a browser is very important to the
> Web browser team. Folk can argue that it should not be, but that is
> the situation.
>
> If we are going to do DNS over TLS then looking at the existing Back
> to my MAC protocol makes sense. But the caveat is that does not look
> like an application where ultra-low latency is a requirement.
>
>
> There are two ways to address the latency issue for Web browsing:
>
> 1) Design a protocol tuned for ultra low latency with 1 round trip over UDP.
> 2) Combine the DNS requests with other data requests that the browser
> would make.
>
> Private-DNS takes approach 1

(D)TLS 1.3 takes approach 1 with TLS 1.3, which is optimizing for 0 round trip (for servers previously used) or 1 round trip (for new servers).

-d

> OmniQuery takes approach 1 and 2
>
> Once you decide to combine data feeds, you have changed the protocol
> anyway and might as well tune for performance.
>
> On Tue, Nov 11, 2014 at 2:45 PM, Stuart Cheshire <[email protected]> wrote:
>> I’m unable to attend the DPRIVE meeting in person because it overlaps with
>> TAPS.
>>
>> I see on the agenda discussion of items like Private DNS and DNS over TLS.
>>
>> A historical note: Apple’s Back to My Mac service uses DNS over TLS to
>> provide confidentiality for the queries. This is described in RFC 6281.
>>
>> The client looks up the SRV record “_dns-query-tls._tcp.example.com” to find
>> the target host and port which will answer DNS-over-TLS queries for the
>> domain “example.com”, and then the client sends subsequent queries for
>> “example.com” names directly there (bypassing the local DNS cache).
>>
>> Stuart Cheshire
>>
>> _______________________________________________
>> dns-privacy mailing list
>> [email protected]
>> https://www.ietf.org/mailman/listinfo/dns-privacy
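The SRV discovery step quoted from Stuart Cheshire above, as an added example that is not part of the original thread: it builds the `_dns-query-tls._tcp.example.com` SRV query, adds the two-byte length prefix that DNS over TCP (and so over TLS) requires, and extracts the target host and port from a response. The response bytes, the target `dns-tls.example.com` and port 5533 are constructed sample values, and all function names are hypothetical.

```python
import struct
SRV, IN = 33, 1  # RR type SRV (RFC 2782), class IN

def encode_name(name):
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".")]
    return b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"

def read_name(msg, off, hops=0):  # returns (name, offset just past the name)
    labels = []
    while (n := msg[off]):
        if n & 0xC0 == 0xC0:                      # compression pointer
            if hops >= 16:
                raise ValueError("compression pointer loop")
            ptr = ((n & 0x3F) << 8) | msg[off + 1]
            labels.append(read_name(msg, ptr, hops + 1)[0])
            return ".".join(filter(None, labels)), off + 2
        labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    return ".".join(labels), off + 1

def build_query(qname, qtype, txid):
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)   # RD set, one question
    return header + encode_name(qname) + struct.pack("!2H", qtype, IN)

def frame(msg):  # two-byte length prefix for DNS over TCP, and so over TLS
    return struct.pack("!H", len(msg)) + msg

def parse_srv(msg, txid):  # sorted (priority, weight, port, target) tuples
    rid, flags, qd, an = struct.unpack("!4H", msg[:8])
    if rid != txid or not flags & 0x8000 or flags & 0x000F:
        raise ValueError("not a successful response to this query")
    off, found = 12, []
    for _ in range(qd):                       # skip the echoed question
        off = read_name(msg, off)[1] + 4
    for _ in range(an):
        off = read_name(msg, off)[1] + 10     # owner name + fixed RR header
        rtype, rdlen = struct.unpack("!H6xH", msg[off - 10:off])
        if rtype == SRV:
            target = read_name(msg, off + 6)[0]
            found.append(struct.unpack("!3H", msg[off:off + 6]) + (target,))
        off += rdlen
    return sorted(found)

def sample_response(txid):  # constructed reply carrying one SRV answer
    q = build_query("_dns-query-tls._tcp.example.com", SRV, txid)
    rdata = struct.pack("!3H", 0, 0, 5533) + encode_name("dns-tls.example.com")
    answer = b"\xc0\x0c" + struct.pack("!HHIH", SRV, IN, 300, len(rdata)) + rdata
    return struct.pack("!6H", txid, 0x8180, 1, 1, 0, 0) + q[12:] + answer
```

The client would then open a TLS connection to the returned target and port and send each later `example.com` query through `frame()`.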
