SAC109 - The Implications of DNS over HTTPS and DNS over TLS

Barry Leiba
Suzanne Woolf
Joe Abley
Tim April
Paul Ebersman
Ondrej Filip
Geoff Huston
Jacques Latour
John Levine
Chris Roosenraad
Tara Whalen
ICANN Security and Stability Advisory Committee (SSAC) Reports and Advisories (2020), pp. 34

Abstract

Encrypted DNS technologies, including DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT),
are recent protocols developed for the primary purpose of enhancing user privacy. They
accomplish this in several ways, including encrypting their traffic in transit and permitting DNS
resolver selection and resolution in applications.

Major browser vendors, Internet Service Providers (ISPs), and others are deploying support for
these technologies. Their deployment brings a number of possible implications, both positive and
negative, to the ICANN community, operators and users of the DNS, and Internet users.
This report analyzes the initial effects of these technologies by identifying some groups whose
online experiences around privacy could change with the deployment of these technologies.
Detailed analysis of effects will have to wait for more widespread deployment and measurement.
This report discusses implications occurring now, and raises some longer-term questions for the
future. This report frames the issues from the perspectives of interested parties, with the
understanding that the issues are nuanced, and that readers coming from different perspectives
will have different sensitivities: readers from two different perspectives are likely to view a
single issue in two different ways.

The intended audience for this report is both the ICANN community and the greater Internet
community. This includes network operators, DNS software implementers, policy makers, and
concerned Internet users.