[Alac-sc-outreach] [EURO-Discuss] Report IETF 108 meeting

Matthias M. Hudobnik matthias at hudobnik.at
Sun Sep 27 07:55:23 UTC 2020


Dear Wale, Hadia and Joan, Thank you for your reply ;-)!

 

Classic DNS is processed unencrypted via port 53, end devices are assigned an IP address of a DNS resolver via DHCP, which is then used centrally by the entire operating system. However, such a process has not yet been standardized for protocols such as DoH. In addition, with DoH, applications can now use other DNS resolvers simply and in a standardized manner than the classic resolver defined in the system e.g. via browser.

 

The current situation means that manufacturers have been going different ways to still be able to assign DoH resolvers. Google tries to upgrade an existing DNS resolver on DoH servers in Chrome and maintains a corresponding list. Microsoft also wants to proceed in a similar way for Windows. Mozilla uses a standard DoH server in Firefox for the US.

 

With a standard, however, the assignment and use could be standardized and the DNS assignment could then also be automated relatively easily. Various ideas have now been discussed during the meeting. One suggestion provides for a separate protocol for finding appropriate resolvers (https://tools.ietf.org/html/draft-mglt-add-rdp-02). For this purpose, a list of these could be kept and queried, similar to how this already works with classic DNS.

 

Another one is to use the DNS records directly and to store the resolver addresses there. For this purpose, so-called designated DNS resolvers are to be used, which are only responsible for certain domains (https://tools.ietf.org/html/draft-pauly-add-resolver-discovery-01).

 

Another one is that every website simply specifies its preferred server in an HTTP header, which should then be used by clients proposed by Google and Cloudflare(https://tools.ietf.org/html/draft-schinazi-httpbis-doh-preference-hints-02).  

 

Finally, another one is based on Enrollment over Secure Transport (https://tools.ietf.org/html/rfc7030) to roll out your own certificates to clients in the network (https://tools.ietf.org/html/draft-reddy-add-iot-byod-bootstrap-00).

 

Have a great day!

Best,

Matthias

_________________________

Ing. Mag. Matthias M. Hudobnik

HYPERLINK "mailto:matthias at hudobnik.at"matthias at hudobnik.at

HYPERLINK "http://www.hudobnik.at/"http://www.hudobnik.at

@HYPERLINK "https://twitter.com/mhudobnik"mhudobnik

 

 

Von: Olawale Bakare [mailto:wales.baky at gmail.com] 
Gesendet: Donnerstag, 24. September 2020 14:17
An: Hadia Abdelsalam Mokhtar EL miniawi
Cc: Matthias M. Hudobnik; euro-discuss at atlarge-lists.icann.org; alac-sc-outreach at atlarge-lists.icann.org
Betreff: Re: [EURO-Discuss] [Alac-sc-outreach] Report IETF 108 meeting

 

There are a number of factors to consider for DoH and DoT, bearing in mind the two different ports they operate. One major factor the IETF's Adaptive DNS Discovery WG may watch out for, as it evolves is the CDN (Content Delivery Network). It has gained so much attention because the majority of web traffic is served through CDNs. 

 

Regards, 

Wale  

 

On Thu, Sep 24, 2020 at 12:06 PM Hadia Abdelsalam Mokhtar EL miniawi <HYPERLINK "mailto:Hadia at tra.gov.eg"Hadia at tra.gov.eg> wrote:

Interesting to know what they reached with regard to encrypted DoH and DoT

Hadia

-----Original Message-----
From: Hadia Abdelsalam Mokhtar EL miniawi 
Sent: Wednesday, September 23, 2020 3:28 PM
To: 'Matthias M. Hudobnik'; HYPERLINK "mailto:euro-discuss at atlarge-lists.icann.org"euro-discuss at atlarge-lists.icann.org; HYPERLINK "mailto:alac-sc-outreach at atlarge-lists.icann.org"alac-sc-outreach at atlarge-lists.icann.org
Subject: RE: [Alac-sc-outreach] Report IETF 108 meeting

Thanks Mathias

Hadia

-----Original Message-----
From: Alac-sc-outreach [mailto:HYPERLINK "mailto:alac-sc-outreach-bounces at atlarge-lists.icann.org"alac-sc-outreach-bounces at atlarge-lists.icann.org] On Behalf Of Matthias M. Hudobnik
Sent: Tuesday, September 22, 2020 10:43 PM
To: HYPERLINK "mailto:euro-discuss at atlarge-lists.icann.org"euro-discuss at atlarge-lists.icann.org; HYPERLINK "mailto:alac-sc-outreach at atlarge-lists.icann.org"alac-sc-outreach at atlarge-lists.icann.org
Subject: [Alac-sc-outreach] Report IETF 108 meeting

Dear all,

Enclosed a very brief report about my experience in the IETF 108 meeting if anyone is interested to read it?
I can highly recommend to check out this forum even if it is very technical - it helps to get the bigger picture of the Internet ecosystem ;-)!

Have a nice evening!
Kindest regards,
Matthias
_________________________
Ing. Mag. Matthias M. Hudobnik
HYPERLINK "mailto:matthias at hudobnik.at"matthias at hudobnik.at
http://www.hudobnik.at


_______________________________________________
EURO-Discuss mailing list
HYPERLINK "mailto:EURO-Discuss at atlarge-lists.icann.org"EURO-Discuss at atlarge-lists.icann.org
https://atlarge-lists.icann.org/mailman/listinfo/euro-discuss

Homepage for the region: http://www.euralo.org
_______________________________________________
By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/alac-sc-outreach/attachments/20200927/61d3e078/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-digital-signature.asc
Type: application/pgp-signature
Size: 834 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/alac-sc-outreach/attachments/20200927/61d3e078/openpgp-digital-signature.asc>


More information about the Alac-sc-outreach mailing list