[Input-to-SSR2RT] ICANN activity on DoH and other encrypted DNS transports

[Paul Hoffman]

Greetings. At Russ' suggestion, I looked at the slides from your public engagement session earlier 
in the week, particularly with respect to DoH. Last week, ICANN's Office of the CTO published an 
overview of encrypted DNS to help the policy community understand the issues that are being widely 
discussed in the technical community.

If you haven't seen "Local and Internet Policy Implications of Encrypted DNS" already, it is at:
      https://www.icann.org/en/system/files/files/octo-003-en.pdf
The document outlines (but purposely does not go into detail) the concerns from many parties, 
particularly about security. It also covers the adoption of DoH by two major browsers, including an 
analysis of their stated plans for deployment to their customers.

One point I would make about the slide given: it appears that the review team is only concerned 
about DoH, not DoT. Some proposed uses of DoT causes most of the same ecosystem and security 
concerns as DoH does, so you might consider expanding that to "encrypted DNS". The same concern will 
come up again in a few years if DoH over Quic or DNS over QUIC is adopted.

Please let me know if I can assist more on this.

--Paul Hoffman