DNS Over HTTPS
charter-ietf-doh-00-08
| Document | Proposed charter | DNS Over HTTPS WG (doh) Snapshot |
|---|---|---|
| | Title | DNS Over HTTPS |
| | Last updated | 2017-09-25 |
| | State | External Review (Message to Community, Selected by Secretariat) |
| WG | State | Proposed |
| IESG | Responsible AD | Barry Leiba |
| | Charter edit AD | Adam Roach |
| | Send notices to | (None) |

This working group will standardize encodings for DNS queries and responses
that are suitable for use in HTTPS. This will enable the domain name system to
function over certain paths where existing DNS methods (UDP, TLS [RFC 7857],
and DTLS [RFC 8094]) experience problems.

The working group will re-use HTTPS methods, error codes, and other semantics
to the greatest extent possible. The use of HTTPS and its existing PKI
provides integrity and confidentiality, and it also allows interoperation
with common HTTPS infrastructure and policy.

While access to DNS-over-HTTPS servers from JavaScript running in a typical
web browser is not the primary use case for this work, precluding the ability
to do so would require additional preventative design. The Working Group will
not engage in such preventative design.

The working group will coordinate with the DNSOP and INTAREA working groups
for input on DNS-over-HTTPS's impact on DNS operations and DNS semantics,
respectively. In particular, DNSOP will be consulted for guidance on the
operational impacts that result from traditional host behaviors (i.e.,
stub-resolver to recursive-resolver interaction) being replaced with the
specified mechanism.

Specification of how DNS-formatted data may be used for use cases beyond
normal DNS queries is out of scope for the working group.

The specification of how to discover DOH servers via mechanisms currently used
to discover other DNS servers (e.g., DHCP and Router Advertisements) may be
considered by the working group if the chairs determine that a sufficiently
large mass of working group participants exist who are willing to edit and
comment on documents regarding such mechanisms.

The working group will use draft-hoffman-dispatch-dns-over-https as input.