Hi Karl,

On 3/14/19 3:18 PM, Henderson, Karl wrote:
> In the last couple of days there has been a lot of activity concerning DNS
> over HTTPS (DoH) - Hoffman and Alibaba presentations at ICANN and IETF
> drafts:
> draft-reid-doh-operator/draft-livingood-doh-implementation-risks-issues/draft-betola-bcp-doh-clients.
>
> These discussions have focused on DoH for client (typically web browser)
> communication with recursive resolvers, and its comparisons with DoT for this
> purpose.
>
> Is there any compelling reason at this point to be considering DoH for
> recursive resolver-to-authoritative name server communications?
>
> As I noted at the DPRIVE interim meeting, the working group needs empirical
> studies looking at performance and attack vectors for authoritative DNS
> encryption.
>
> Unless there are compelling reasons to consider Authoritative DoH, I propose
> the working group focus its authoritative DNS encryption assessments around
> Authoritative DoT.
>
> In support, I am willing to co-author an Authoritative DoT operational
> consideration draft in order to outline the operational challenges the
> community needs to address - similar to the draft-reid-doh-operator draft
> between client and recursive.

Thanks for volunteering for such a task. Before we go that route, can you
confirm that the information that has been collected to date on recursive to
authoritative captures all the issues from your perspective?

https://github.com/DPRIVE/dprive-v2-ms-and-reqs/blob/master/dprive-v2-ms-and-reqs.md

Regards,
Brian

_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
