DNS Over HTTPS
charter-ietf-doh-01

WG review announcement

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: doh@ietf.org 
Subject: WG Review: DNS Over HTTPS (doh)

A new IETF WG has been proposed in the Applications and Real-Time Area. The
IESG has not made any determination yet. The following draft charter was
submitted, and is provided for informational purposes only. Please send your
comments to the IESG mailing list (iesg@ietf.org) by 2017-09-25.

DNS Over HTTPS (doh)
-----------------------------------------------------------------------
Current status: Proposed WG

Chairs:
  TBD

Assigned Area Director:
  Adam Roach <adam@nostrum.com>

Applications and Real-Time Area Directors:
  Adam Roach <adam@nostrum.com>
  Ben Campbell <ben@nostrum.com>
  Alexey Melnikov <aamelnikov@fastmail.fm>

Mailing list:
  Address: doh@ietf.org
  To subscribe: https://www.ietf.org/mailman/listinfo/doh
  Archive: https://mailarchive.ietf.org/arch/browse/doh/

Group page: https://datatracker.ietf.org/group/doh/

Charter: https://datatracker.ietf.org/doc/charter-ietf-doh/

This working group will standardize encodings for DNS queries and responses
that are suitable for use in HTTPS. This will enable the domain name system
to function over certain paths where existing DNS methods (UDP, TLS, and DTLS)
experience problems.  The working group will re-use HTTPS methods, error
codes, and other semantics to the greatest extent possible.  The use of HTTPS
provides integrity and confidentiality, and it also allows the transport to
interoperate with common HTTPS infrastructure and policy.

The working group will coordinate with the DNSOP and INTAREA working groups
for input on DNS-over-HTTPS's impact on DNS operations and DNS semantics,
respectvely. In particular, DNSOP will be consulted for guidance on the
operational impacts that result from traditional host behaviors (i.e.,
stub-resolver to recursive-resolver interaction) being replaced with the
specified mechanism.

Specification of how the DNS data may be used for new use cases, and
the discovery of the DOH servers, are out of scope for the working group.

The working group will use draft-hoffman-dispatch-dns-over-https as input.

Milestones:

  Apr 2018 - Submit specification for performing DNS queries over HTTPS to
  the IESG for publication as PS


WG action announcement

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: The IESG <iesg@ietf.org>,
    doh@ietf.org,
    doh-chairs@ietf.org 
Subject: WG Action: Formed DNS Over HTTPS (doh)

A new IETF WG has been formed in the Applications and Real-Time Area. For
additional information, please contact the Area Directors or the WG Chairs.

DNS Over HTTPS (doh)
-----------------------------------------------------------------------
Current status: Proposed WG

Chairs:
  David Lawrence <tale@dd.org>
  Benjamin Schwartz <bemasc@google.com>

Assigned Area Director:
  Adam Roach <adam@nostrum.com>

Applications and Real-Time Area Directors:
  Adam Roach <adam@nostrum.com>
  Ben Campbell <ben@nostrum.com>
  Alexey Melnikov <aamelnikov@fastmail.fm>

Technical advisors:
  Warren Kumari <warren@kumari.net>

Mailing list:
  Address: doh@ietf.org
  To subscribe: https://www.ietf.org/mailman/listinfo/doh
  Archive: https://mailarchive.ietf.org/arch/browse/doh/

Group page: https://datatracker.ietf.org/group/doh/

Charter: https://datatracker.ietf.org/doc/charter-ietf-doh/

This working group will standardize encodings for DNS queries and responses
that are suitable for use in HTTPS. This will enable the domain name system to
function over certain paths where existing DNS methods (UDP, TLS [RFC 7857],
and DTLS [RFC 8094]) experience problems.

The working group will re-use HTTPS methods, error codes, and other semantics
to the greatest extent possible.  The use of HTTPS and its existing PKI
provides integrity and confidentiality, and it also allows interoperation
with common HTTPS infrastructure and policy.

The primary focus of this working group is to develop a mechanism that
provides confidentiality and connectivity between DNS clients (e.g., operating
system stub resolvers) and recursive resolvers.  While access to
DNS-over-HTTPS servers from JavaScript running in a typical web browser is not
the primary use case for this work, precluding the ability to do so would
require additional preventative design. The working group will not engage in
such preventative design.

The working group will analyze the security and privacy issues that
could arise from accessing DNS over HTTPS. In particular, the working
group will consider the interaction of DNS and HTTP caching.

The working group will coordinate with the DNSOP and INTAREA working groups
for input on DNS-over-HTTPS's impact on DNS operations and DNS semantics,
respectvely. In particular, DNSOP will be consulted for guidance on the
operational impacts that result from traditional host behaviors (i.e.,
stub-resolver to recursive-resolver interaction) being replaced with the
specified mechanism.

Specification of how DNS-formatted data may be used for use cases beyond
normal DNS queries is out of scope for the working group.

The working group may define mechanisms for discovery of DOH servers
similar to existing mechanisms for discovering other DNS servers if
the chairs determine that there is both sufficient interest and
working group consensus.

The working group will use draft-hoffman-dispatch-dns-over-https as input.

Milestones:

  Apr 2018 - Submit specification for performing DNS queries over HTTPS to
  the IESG for publication as PS


Ballot announcement