On Wed, Nov 19, 2014 at 2:43 AM, 🔓Dan Wing <[email protected]> wrote: > > On Nov 13, 2014, at 10:24 AM, Phillip Hallam-Baker <[email protected]> > wrote: > >> I see two distinct use cases: >> >> 1) Web browsing >> 2) Everything else. >> >> The challenges for (1) are latency, latency and latency. >> >> Shaving 10ms off the response of a browser is very important to the >> Web browser team. Folk can argue that it should not be, but that is >> the situation. >> >> If we are going to do DNS over TLS then looking at the existing Back >> to my MAC protocol makes sense. But the caveat is that does not look >> like an application where ultra-low latency is a requirement. >> >> >> There are two ways to address the latency issue for Web browsing: >> >> 1) Design a protocol tuned for ultra low latency with 1 round trip over UDP. >> 2) Combine the DNS requests with other data requests that the browser >> would make. >> >> Private-DNS takes approach 1 > > (D)TLS 1.3 takes approach 1 with TLS 1.3, which is optimizing for 0 round > trip (for servers previously used) or 1 round trip (for new servers).
If its 1 round trip then we are talking about DTLS not TLS. The thing I didn't like about using DTLS is that I have to profile pretty severely to make the code footprint minimal. And once you profile you have to rewrite libraries to only use the profile features. TLS has a stateless session resumption option but it would need to be mandatory for DNS over TLS to be viable. And it would have to be possible to set decent sized timeouts for the negotiated sessions. On the performance side, PRIVATE-DNS is providing better performance for the typical approach of doing an A and a AAAA record lookup in parallel since these are typically handled in one request/response packet rather than two. _______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
