SAC109 - The Implications of DNS over HTTPS and DNS over TLS

Barry Leiba
Suzanne Woolf
Joe Abley
Tim April
Paul Ebersman
Ondrej Filip
Geoff Huston
Jacques Latour
John Levine
Chris Roosenraad
Tara Whalen
ICANN Security and Stability Advisory Committee (SSAC) Reports and Advisories (2020), pp. 34

Abstract

Encrypted DNS technologies, including DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT), are recent protocols developed for the primary purpose of enhancing user privacy. They accomplish this in several ways, including encrypting their traffic in transit and permitting DNS resolver selection and resolution in applications. Major browser vendors, Internet Service Providers (ISPs), and others are deploying support for these technologies. Their deployment brings a number of possible implications, both positive and negative, to the ICANN community, operators and users of the DNS, and Internet users. This report analyzes the initial effects of these technologies by identifying some groups whose online experiences around privacy could change with the deployment of these technologies. Detailed analysis of effects will have to wait for more widespread deployment and measurement. This report discusses implications occurring now, and raises some longer-term questions for the future. This report frames the issues from the perspectives of interested parties, with the understanding that the issues are nuanced, and that readers coming from different perspectives will have different sensitivities: readers from two different perspectives are likely to view a single issue in two different ways. The intended audience for this report is both the ICANN community and the greater Internet community. This includes network operators, DNS software implementers, policy makers, and concerned Internet users.