[Ssr2-review] FW: ICANN activity on DoH and other encrypted DNS transports

Jennifer Bryce jennifer.bryce at icann.org
Thu Nov 7 13:32:33 UTC 2019 

FYI

-----Original Message-----
From: Input-to-ssr2rt <input-to-ssr2rt-bounces at icann.org> on behalf of Paul Hoffman <paul.hoffman at icann.org>
Date: Wednesday, November 6, 2019 at 5:39 PM
To: "input-to-ssr2rt at icann.org" <input-to-ssr2rt at icann.org>
Subject: [Input-to-SSR2RT] ICANN activity on DoH and other encrypted DNS	transports

    Greetings. At Russ' suggestion, I looked at the slides from your public engagement session earlier 
    in the week, particularly with respect to DoH. Last week, ICANN's Office of the CTO published an 
    overview of encrypted DNS to help the policy community understand the issues that are being widely 
    discussed in the technical community.
    
    If you haven't seen "Local and Internet Policy Implications of Encrypted DNS" already, it is at:
          https://www.icann.org/en/system/files/files/octo-003-en.pdf
    The document outlines (but purposely does not go into detail) the concerns from many parties, 
    particularly about security. It also covers the adoption of DoH by two major browsers, including an 
    analysis of their stated plans for deployment to their customers.
    
    One point I would make about the slide given: it appears that the review team is only concerned 
    about DoH, not DoT. Some proposed uses of DoT causes most of the same ecosystem and security 
    concerns as DoH does, so you might consider expanding that to "encrypted DNS". The same concern will 
    come up again in a few years if DoH over Quic or DNS over QUIC is adopted.
    
    Please let me know if I can assist more on this.
    
    --Paul Hoffman
    _______________________________________________
    Input-to-ssr2rt mailing list
    Input-to-ssr2rt at icann.org
    https://mm.icann.org/mailman/listinfo/input-to-ssr2rt
    
    _______________________________________________
    By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.

More information about the Ssr2-review mailing list