This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[iot-wg] DoH - TEOTIAWKI?
- Previous message (by thread): [iot-wg] DoH - TEOTIAWKI?
- Next message (by thread): [iot-wg] DoH - TEOTIAWKI?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
e.vanuden at avm.de
e.vanuden at avm.de
Fri Oct 19 20:31:37 CEST 2018
Hi Jim, Thanks for your reply. I know what DoH is. Sorry that I was to short. The questionmark was meant in the case, I don't see it as a solution for IoT security. Regards, Eric Oorspronkelijk bericht Van: jim at rfc1035.com Verzonden: 19 oktober 2018 19:50 Aan: e.vanuden at avm.de Cc: iot-wg at ripe.net Onderwerp: Re: [iot-wg] DoH - TEOTIAWKI? On 19 Oct 2018, at 17:41, e.vanuden at avm.de wrote: > > DoH? DNS over HTTP(S). See Sara Dickinson’s *excellent* presentation from Monday’s plenary. > How to resolve local add? You don’t. The focus of DoH is improving the browser experience. Whatever that ugly phrase means. DoH is orthogonal to the issues around resolving local names or addresses. > How can Enterprise controll trafic? They don’t/can’t. Unless they can force everything through a suitable TLS1.3 capable web proxy. Or configure every edge device to only use the enterprise's DoH resolvers. Good luck with that. > Using DoH will more or less switch of local DNS server, are we shure we want this? Whether you want this or not, DoH’s going to happen and it’ll be verging on the impossible to stop. The browser vendors are mostly driving this. DoH support is already shipping in Chrome and Firefox. [It’s in Android Pie too.] Once this gets switched on, Chrome and Firefox should be faster at loading pages because there’s reduced DNS latency. Which should mean the other browser vendors will be obliged to deploy DoH to catch up. The big CDNs will pile in behind them* and then it’s game over. Most web-based DNS traffic will go dark. * Imagine the opportunities for a CDN if it was able to couple an end user's DNS queries to their browser preferences. This akamai blog posting is well worth reading though it’s not so apocalyptic: https://blogs.akamai.com/2018/10/architectural-paths-for-evolving-the-dns.htm The blog by one of the people behind DoH is also a good read: https://bitsup.blogspot.com/2018/05/the-benefits-of-https-for-dns.html Further discussion of DoH in general belongs on another list, perhaps dns-wg at ripe.net. We should try to keep the discussion here on the impact/use of DoH by IoT devices. -------------- next part -------------- An HTML attachment was scrubbed... URL: </ripe/mail/archives/iot-wg/attachments/20181019/f2b2ced0/attachment.html>
- Previous message (by thread): [iot-wg] DoH - TEOTIAWKI?
- Next message (by thread): [iot-wg] DoH - TEOTIAWKI?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ iot-wg Archives ]