[menog] [Paper] Local and Internet Policy Implications of Encrypted DNS

[Fahd Batayneh]

Friends and Colleagues,

ICANN’s Office of the Chief Technology Officer (OCTO) have issued a new paper entitled “Local and Internet Policy Implications of Encrypted DNS”. The paper touches upon some emerging standards related to the domain name system such as DNS Over TLS (DoT), DNS Over HTTPS (DoH), and others

Since the creation of the Domain Name System (DNS), DNS traffic has been sent between computers and recursive resolvers in cleartext, meaning in-path observers could read the requests and responses. Recently, new technologies have been standardized to allow this DNS traffic to be encrypted, so that observers cannot see the information in the requests and responses. Deployment of these new technologies, particularly in browsers, is increasing.

The use of encryption for DNS traffic has numerous implications that are now being discussed in earnest in many different forums. Adding privacy to DNS traffic prevents eavesdroppers from gaining valuable information, but it can also prevent network administrators from using DNS as a way to enforce content, access, and other control policies. Recent discussions have shown that the way that DNS encryption is deployed has significant effects on enforcement of local policy. This paper discusses the ramifications of various proposed deployment strategies for encrypted DNS between end user computers and recursive resolvers.

The paper id available in PDF format here >> https://www.icann.org/en/system/files/files/octo-003-en.pdf.

Thank you,

Fahd Batayneh
ICANN
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.menog.org/pipermail/menog/attachments/20191028/edde53b9/attachment.html