In the last couple of days there has been a lot of activity concerning DNS over HTTPS (DoH): the Hoffman and Alibaba presentations at ICANN, and the IETF drafts draft-reid-doh-operator, draft-livingood-doh-implementation-risks-issues and draft-betola-bcp-doh-clients.

These discussions have focused on DoH for client (typically web browser) communication with recursive resolvers, and on its comparison with DoT for this purpose. Is there any compelling reason at this point to be considering DoH for recursive resolver-to-authoritative name server communications? As I noted at the DPRIVE interim meeting, the working group needs empirical studies looking at performance and attack vectors for authoritative DNS encryption. Unless there are compelling reasons to consider Authoritative DoH, I propose the working group focus its authoritative DNS encryption assessments around Authoritative DoT. In support, I am willing to co-author an Authoritative DoT operational considerations draft in order to outline the operational challenges the community needs to address, similar to what the draft-reid-doh-operator draft does for client-to-recursive.
_______________________________________________
dns-privacy mailing list
https://www.ietf.org/mailman/listinfo/dns-privacy
