From paul.hoffman at icann.org Wed Nov 6 22:39:09 2019
From: paul.hoffman at icann.org (Paul Hoffman)
Date: Wed, 6 Nov 2019 22:39:09 +0000
Subject: [Input-to-SSR2RT] ICANN activity on DoH and other encrypted DNS transports
Message-ID:

Greetings. At Russ' suggestion, I looked at the slides from your public engagement session earlier in the week, particularly with respect to DoH.

Last week, ICANN's Office of the CTO published an overview of encrypted DNS to help the policy community understand the issues that are being widely discussed in the technical community. If you haven't seen "Local and Internet Policy Implications of Encrypted DNS" already, it is at:
https://www.icann.org/en/system/files/files/octo-003-en.pdf

The document outlines (but purposely does not go into detail) the concerns from many parties, particularly about security. It also covers the adoption of DoH by two major browsers, including an analysis of their stated plans for deployment to their customers.

One point I would make about the slide given: it appears that the review team is only concerned about DoH, not DoT. Some proposed uses of DoT cause most of the same ecosystem and security concerns as DoH does, so you might consider expanding that to "encrypted DNS". The same concern will come up again in a few years if DoH over QUIC or DNS over QUIC is adopted.

Please let me know if I can assist more on this.

--Paul Hoffman