<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
{mso-style-priority:99;
mso-style-link:"Nur Text Zchn";
margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Vorformatiert Zchn";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
span.E-MailFormatvorlage17
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.NurTextZchn
{mso-style-name:"Nur Text Zchn";
mso-style-priority:99;
mso-style-link:"Nur Text";
font-family:"Calibri","sans-serif";}
span.tlid-translation
{mso-style-name:tlid-translation;}
span.HTMLVorformatiertZchn
{mso-style-name:"HTML Vorformatiert Zchn";
mso-style-priority:99;
mso-style-link:"HTML Vorformatiert";
font-family:"Courier New";
mso-fareast-language:DE-AT;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=DE-AT link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Dear Wale, Hadia and Joan, Thank you for your reply ;-)!<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Classic DNS is processed unencrypted via port 53, end devices are assigned an IP address of a DNS resolver via DHCP, which is then used centrally by the entire operating system. However, such a process has not yet been standardized for protocols such as DoH. In addition, with DoH, applications can now use other DNS resolvers simply and in a standardized manner than the classic resolver defined in the system e.g. via browser.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>The current situation means that manufacturers have been going different ways to still be able to assign DoH resolvers. Google tries to upgrade an existing DNS resolver on DoH servers in Chrome and maintains a corresponding list. Microsoft also wants to proceed in a similar way for Windows. Mozilla uses a standard DoH server in Firefox for the US.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>With a standard, however, the assignment and use could be standardized and the DNS assignment could then also be automated relatively easily. Various ideas have now been discussed during the meeting. One suggestion provides for a separate protocol for finding appropriate resolvers (<a href="https://tools.ietf.org/html/draft-mglt-add-rdp-02">https://tools.ietf.org/html/draft-mglt-add-rdp-02</a>). For this purpose, a list of these could be kept and queried, similar to how this already works with classic DNS.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Another one is to use the DNS records directly and to store the resolver addresses there. For this purpose, so-called designated DNS resolvers are to be used, which are only responsible for certain domains (<a href="https://tools.ietf.org/html/draft-pauly-add-resolver-discovery-01">https://tools.ietf.org/html/draft-pauly-add-resolver-discovery-01</a>).<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Another one is that every website simply specifies its preferred server in an HTTP header, which should then be used by clients proposed by Google and Cloudflare(<a href="https://tools.ietf.org/html/draft-schinazi-httpbis-doh-preference-hints-02">https://tools.ietf.org/html/draft-schinazi-httpbis-doh-preference-hints-02</a>). <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Finally, another one is based on Enrollment over Secure Transport (<a href="https://tools.ietf.org/html/rfc7030">https://tools.ietf.org/html/rfc7030</a>) to roll out your own certificates to clients in the network (<a href="https://tools.ietf.org/html/draft-reddy-add-iot-byod-bootstrap-00">https://tools.ietf.org/html/draft-reddy-add-iot-byod-bootstrap-00</a>).<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Have a great day!<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Best,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Matthias<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB style='font-size:8.0pt;font-family:"Verdana","sans-serif";color:#1F497D'>_________________________</span><span lang=EN-GB style='font-size:8.0pt;color:#1F497D'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB style='font-size:8.0pt;font-family:"Verdana","sans-serif";color:#1F497D'>Ing. Mag. Matthias M. Hudobnik<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB style='font-size:8.0pt;font-family:"Verdana","sans-serif";color:#9BBB59'><a href="mailto:matthias@hudobnik.at"><span style='color:#9BBB59'>matthias@hudobnik.at</span></a></span><span lang=EN-GB style='font-size:8.0pt;color:#9BBB59'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB style='font-size:8.0pt;font-family:"Verdana","sans-serif";color:#9BBB59'><a href="http://www.hudobnik.at/"><span style='color:#9BBB59'>http://www.hudobnik.at</span></a><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB style='font-size:8.0pt;font-family:"Verdana","sans-serif";color:#9BBB59'>@<a href="https://twitter.com/mhudobnik"><span style='color:#9BBB59'>mhudobnik</span></a></span><span lang=EN-GB style='font-size:8.0pt;color:#9BBB59'><o:p></o:p></span></p><p class=MsoNormal><u><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#9BBB59'><o:p><span style='text-decoration:none'> </span></o:p></span></u></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><b><span lang=DE style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>Von:</span></b><span lang=DE style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Olawale Bakare [mailto:wales.baky@gmail.com] <br><b>Gesendet:</b> Donnerstag, 24. September 2020 14:17<br><b>An:</b> Hadia Abdelsalam Mokhtar EL miniawi<br><b>Cc:</b> Matthias M. Hudobnik; euro-discuss@atlarge-lists.icann.org; alac-sc-outreach@atlarge-lists.icann.org<br><b>Betreff:</b> Re: [EURO-Discuss] [Alac-sc-outreach] Report IETF 108 meeting<o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal>There are a number of factors to consider for DoH and DoT, bearing in mind the two different ports they operate. One major factor the IETF's Adaptive DNS Discovery WG may watch out for, as it evolves is the CDN (Content Delivery Network). It has gained so much attention because the majority of web traffic is served through CDNs. <o:p></o:p></p><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Regards, <o:p></o:p></p></div><div><p class=MsoNormal>Wale <o:p></o:p></p></div></div><p class=MsoNormal><o:p> </o:p></p><div><div><p class=MsoNormal>On Thu, Sep 24, 2020 at 12:06 PM Hadia Abdelsalam Mokhtar EL miniawi <<a href="mailto:Hadia@tra.gov.eg">Hadia@tra.gov.eg</a>> wrote:<o:p></o:p></p></div><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm'><p class=MsoNormal>Interesting to know what they reached with regard to encrypted DoH and DoT<br><br>Hadia<br><br>-----Original Message-----<br>From: Hadia Abdelsalam Mokhtar EL miniawi <br>Sent: Wednesday, September 23, 2020 3:28 PM<br>To: 'Matthias M. Hudobnik'; <a href="mailto:euro-discuss@atlarge-lists.icann.org" target="_blank">euro-discuss@atlarge-lists.icann.org</a>; <a href="mailto:alac-sc-outreach@atlarge-lists.icann.org" target="_blank">alac-sc-outreach@atlarge-lists.icann.org</a><br>Subject: RE: [Alac-sc-outreach] Report IETF 108 meeting<br><br>Thanks Mathias<br><br>Hadia<br><br>-----Original Message-----<br>From: Alac-sc-outreach [mailto:<a href="mailto:alac-sc-outreach-bounces@atlarge-lists.icann.org" target="_blank">alac-sc-outreach-bounces@atlarge-lists.icann.org</a>] On Behalf Of Matthias M. Hudobnik<br>Sent: Tuesday, September 22, 2020 10:43 PM<br>To: <a href="mailto:euro-discuss@atlarge-lists.icann.org" target="_blank">euro-discuss@atlarge-lists.icann.org</a>; <a href="mailto:alac-sc-outreach@atlarge-lists.icann.org" target="_blank">alac-sc-outreach@atlarge-lists.icann.org</a><br>Subject: [Alac-sc-outreach] Report IETF 108 meeting<br><br>Dear all,<br><br>Enclosed a very brief report about my experience in the IETF 108 meeting if anyone is interested to read it?<br>I can highly recommend to check out this forum even if it is very technical - it helps to get the bigger picture of the Internet ecosystem ;-)!<br><br>Have a nice evening!<br>Kindest regards,<br>Matthias<br>_________________________<br>Ing. Mag. Matthias M. Hudobnik<br><a href="mailto:matthias@hudobnik.at" target="_blank">matthias@hudobnik.at</a><br><a href="http://www.hudobnik.at" target="_blank">http://www.hudobnik.at</a><br><br><br>_______________________________________________<br>EURO-Discuss mailing list<br><a href="mailto:EURO-Discuss@atlarge-lists.icann.org" target="_blank">EURO-Discuss@atlarge-lists.icann.org</a><br><a href="https://atlarge-lists.icann.org/mailman/listinfo/euro-discuss" target="_blank">https://atlarge-lists.icann.org/mailman/listinfo/euro-discuss</a><br><br>Homepage for the region: <a href="http://www.euralo.org" target="_blank">http://www.euralo.org</a><br>_______________________________________________<br>By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (<a href="https://www.icann.org/privacy/policy" target="_blank">https://www.icann.org/privacy/policy</a>) and the website Terms of Service (<a href="https://www.icann.org/privacy/tos" target="_blank">https://www.icann.org/privacy/tos</a>). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.<o:p></o:p></p></blockquote></div></div></body></html>