- Impact
- 23,259
The Implications of DNS over HTTPS and DNS over TLS
A Report from the ICANN Security and Stability Advisory Committee (SSAC)
12 March, 2020
Read more (PDF):
https://www.icann.org/en/system/files/files/sac-109-en.pdf
SSAC Reports are focused on technical aspects of Security, Stability, and Resiliency (SSR) issues. You can find more ICANN SSAC publications here:
https://www.icann.org/groups/ssac/documents
Additional links:
https://en.wikipedia.org/wiki/DNS_over_HTTPS
https://en.wikipedia.org/wiki/DNS_over_TLS
https://labs.ripe.net/author/gih/doh-dns-over-https-explained/
https://labs.ripe.net/author/bert_hubert/the-big-dns-privacy-debate/
https://blog.apnic.net/2020/06/18/where-is-the-dns-heading/
https://circleid.com/posts/20190906_dns_over_https_the_privacy_and_security_concerns
A Report from the ICANN Security and Stability Advisory Committee (SSAC)
12 March, 2020
Encrypted DNS technologies, including DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT),
are recent protocols developed for the primary purpose of enhancing user privacy. They
accomplish this in several ways, including encrypting their traffic in transit and permitting DNS
resolver selection and resolution in applications.
Major browser vendors, Internet Service Providers (ISPs), and others are deploying support for
these technologies. Their deployment brings a number of possible implications, both positive and
negative, to the ICANN community, operators and users of the DNS, and Internet users.
This report analyzes the initial effects of these technologies by identifying some groups whose
online experiences around privacy could change with the deployment of these technologies.
Detailed analysis of effects will have to wait for more widespread deployment and measurement.
This report discusses implications occurring now, and raises some longer-term questions for the
future. This report frames the issues from the perspectives of interested parties, with the
understanding that the issues are nuanced, and that readers coming from different perspectives
will have different sensitivities: readers from two different perspectives are likely to view a
single issue in two different ways.
The intended audience for this report is both the ICANN community and the greater Internet
community. This includes network operators, DNS software implementers, policy makers, and
concerned Internet users.
are recent protocols developed for the primary purpose of enhancing user privacy. They
accomplish this in several ways, including encrypting their traffic in transit and permitting DNS
resolver selection and resolution in applications.
Major browser vendors, Internet Service Providers (ISPs), and others are deploying support for
these technologies. Their deployment brings a number of possible implications, both positive and
negative, to the ICANN community, operators and users of the DNS, and Internet users.
This report analyzes the initial effects of these technologies by identifying some groups whose
online experiences around privacy could change with the deployment of these technologies.
Detailed analysis of effects will have to wait for more widespread deployment and measurement.
This report discusses implications occurring now, and raises some longer-term questions for the
future. This report frames the issues from the perspectives of interested parties, with the
understanding that the issues are nuanced, and that readers coming from different perspectives
will have different sensitivities: readers from two different perspectives are likely to view a
single issue in two different ways.
The intended audience for this report is both the ICANN community and the greater Internet
community. This includes network operators, DNS software implementers, policy makers, and
concerned Internet users.
Read more (PDF):
https://www.icann.org/en/system/files/files/sac-109-en.pdf
SSAC Reports are focused on technical aspects of Security, Stability, and Resiliency (SSR) issues. You can find more ICANN SSAC publications here:
https://www.icann.org/groups/ssac/documents
Additional links:
https://en.wikipedia.org/wiki/DNS_over_HTTPS
https://en.wikipedia.org/wiki/DNS_over_TLS
https://labs.ripe.net/author/gih/doh-dns-over-https-explained/
https://labs.ripe.net/author/bert_hubert/the-big-dns-privacy-debate/
https://blog.apnic.net/2020/06/18/where-is-the-dns-heading/
https://circleid.com/posts/20190906_dns_over_https_the_privacy_and_security_concerns
Last edited:
