This session explored technologies that may have affected the unique identifier ecosystem that ICANN helps coordinate. The discussion centred on the policy aspects of DNS over HTTPS (DoH) and DNS over TLS (DoT). While major browsers are getting ready to turn DoH on by default, operational and privacy issues are still being discussed. In this high-interest session, attendees had an opportunity to exchange views and questions with experts working on these technologies.
Overview of the Session:
DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) are two new protocols for transporting DNS data
◉ Both protocols support encrypting DNS data in transport
  o Traditional DNS queries and responses are unencrypted
◉ DNS data integrity is unrelated to DoH and DoT
  o The need for DNSSEC has not changed.
◉ Standardization on how DoH and DoT resolvers are configured in applications and operating systems is still ongoing.
  o DoH and DoT implementations are still developing and current deployments are limited.
Conclusion:
Some potential deployments of DoH and DoT may impact traditional policy control points in DNS resolution
◉ Standardization on how DoH and DoT resolvers are configured in applications and operating systems is still ongoing
◉ For registry and registrar operators, there is currently little impact from DoH and DoT
◉ It is too early to say what the impact of DoH and DoT on users will be
◉ The need for DNSSEC and QNAME Minimization has not changed
Session Leader: Maria Otanes
Staff Facilitator: Maria Otanes