On 20.06.2018 at 10:57, Geert Stappers wrote:
> On Wed, Jun 20, 2018 at 10:11:53AM +0200, Nicolas Cavallari wrote:
>> On 14/06/2018 22:32, Kurt H Maier wrote:
>>> On Thu, Jun 14, 2018 at 09:38:42PM +0200, Mateusz Jończyk wrote:
>>>> How difficult would it be to add support to DNS over HTTP/2.0 in dnsmasq, for
>>>> example in constrained environments like home routers?
>>> This should be handled with a wrapper program.  HTTP/2.0 is an enormous
>>> and ill-defined specification and it would not be appropriate to bolt it
>>> directly into dnsmasq.  A dedicated HTTP/2.0 daemon can talk to dnsmasq
>>> on the backend to provide this service.  Home routers are not
>>> particularly constrained in this regard, since they generally have web 
>>> services running to begin with.
>> It's much more than that. To be secure, TLS requires time, entropy and a CA
>> list. Many home routers fail at having all three, or require the DNS to get
>> time and CAs...

DOH server certificate could be provided together with the DOH server IP.

Thank you. So, as has been said above, implementing HTTP/2.0 may be more
difficult than implementing HTTP/1.1.

I would therefore propose to add the following text to the DOH draft (at the end
of section "HTTP/2"):

        However, older versions of the HTTP standard are simpler to implement,
        and have enough capabilities for limited capability servers on embedded
        devices so DOH clients SHOULD be able to use DOH servers that support
        only older version(s) of the HTTP standard, such as HTTP/1.0 {{RFC1945}}
        and HTTP/1.1 {{RFC7230 - RFC7235}}.

>>>> Please send any replies to the DoH mailing list at <d...@ietf.org>.
>>> Why?

I asked this just for the sake of convenience.

Mateusz Jończyk

Dnsmasq-discuss mailing list