@techreport{dkg-dprive-demux-dns-http-03,
    number =    {draft-dkg-dprive-demux-dns-http-03},
    type =      {Internet-Draft},
    institution =   {Internet Engineering Task Force},
    publisher = {Internet Engineering Task Force},
    note =      {Work in Progress},
    url =       {https://datatracker.ietf.org/doc/draft-dkg-dprive-demux-dns-http/03/},
    author =    {Daniel Kahn Gillmor},
    title =     {{Demultiplexing Streamed DNS from HTTP/1.x}},
    pagetotal = 19,
    year =      2017,
    month =     may,
    day =       17,
    abstract =  {DNS over TCP and HTTP/1.x are both stream-oriented, client-speaks- first protocols. They can both be run over a stream-based security protocol like TLS. A server accepting a stream-based client can distinguish between a valid stream of DNS queries and valid stream of HTTP/1.x requests by simple observation of the first few octets sent by the client. This can be done without any external demultiplexing mechanism like TCP port number or ALPN. Implicit multiplexing of the two protocols over a single listening port can be useful for obscuring the presence of DNS queries from a network observer, which makes it relevant for DNS privacy. Widespread adoption of the described approach could constrain evolution of the stream-based variants of both DNS ({[}RFC1035{]}) and HTTP/1.x ({[}RFC7230{]}) by ossifying existing distinguishing bit patterns in early octets sent by the client. However, this draft explicitly rules out multiplexing in this form with HTTP/2, so it should place no constraints on it or any higher version of HTTP.},
}