On 8/18/18, 7:03 PM, "DNSOP on behalf of bert hubert" <[email protected]
on behalf of [email protected]> wrote:
Especially when such a move will incidentally kill intranets, VPNs, split
horizon, DNS monitoring & DNS malware detection and blocking.
It seems to me that the underlying protocol is separable from the operational
implementation, and the latter case is likely where most of the concerns lie.
Thus, the issue is likely less DoH itself but rather how it is likely to be
deployed.
I am considering starting work on a draft along the lines of 'potential impacts
of DoH deployment' to try to document some of this, if for nothing else than to
organize my own thinking on the matter. This is because I also share concern,
given the apparent deployment model, around what may break in enterprise
networks, malware detection & remediation, walled garden portals during service
provisioning, parental controls, and the impacts of eliminating other local
policies. The CDN-to-CDN competition case is an interesting one as well, with
respect to passing EDNS client subnet or not.
JL