Hi Jim,

Thanks for your reply.

I know what DoH is. Sorry that I was too short. The question mark was meant in the sense that I don't see it as a solution for IoT security.

Regards,

Eric



Original message
From: jim@rfc1035.com
Sent: 19 October 2018 19:50
To: e.vanuden@avm.de
Cc: iot-wg@ripe.net
Subject: Re: [iot-wg] DoH - TEOTIAWKI?

On 19 Oct 2018, at 17:41, e.vanuden@avm.de wrote:
>
> DoH?

DNS over HTTP(S). See Sara Dickinson’s *excellent* presentation from Monday’s plenary.

> How to resolve local add?

You don’t. The focus of DoH is improving the browser experience. Whatever that ugly phrase means. DoH is orthogonal to the issues around resolving local names or addresses.

> How can Enterprise control traffic?

They don’t/can’t. Unless they can force everything through a suitable TLS 1.3-capable web proxy. Or configure every edge device to only use the enterprise's DoH resolvers. Good luck with that.

> Using DoH will more or less switch off the local DNS server, are we sure we want this?

Whether you want this or not, DoH’s going to happen and it’ll be verging on the impossible to stop. The browser vendors are mostly driving this.

DoH support is already shipping in Chrome and Firefox. [It’s in Android Pie too.] Once this gets switched on, Chrome and Firefox should be faster at loading pages because there’s reduced DNS latency. Which should mean the other browser vendors will be obliged to deploy DoH to catch up. The big CDNs will pile in behind them* and then it’s game over. Most web-based DNS traffic will go dark.

* Imagine the opportunities for a CDN if it was able to couple an end user's DNS queries to their browser preferences.

This Akamai blog posting is well worth reading though it’s not so apocalyptic:

https://blogs.akamai.com/2018/10/architectural-paths-for-evolving-the-dns.htm

The blog by one of the people behind DoH is also a good read:

https://bitsup.blogspot.com/2018/05/the-benefits-of-https-for-dns.html


Further discussion of DoH in general belongs on another list, perhaps dns-wg@ripe.net. We should try to keep the discussion here on the impact/use of DoH by IoT devices.