Martin Thomson <martin.thomson@xxxxxxxxx> wrote: > John R Levine <johnl@xxxxxxxxx> wrote: > > Nothing here changes the existing security model. > > If you are talking JS making DNS queries, then I disagree. I'm no > longer sure what you are talking about, of course. I've seen lots of concerns about DNS queries from JS, but I'm not sure what the worry is. Is it just the fact of making queries? JS can already make DNS queries by shoving <IMG> elements into the DOM. It can't get the answers, but it can still poke at the resolver's cache. Is it the answers? You can spin up a server now to provide answers to JS for arbitrary DNS queries. I suppose it gets interesting when you combine the two, because the JS can then probe private name/address spaces. There are other interesting ways to probe private namespaces, e.g. over SMTP https://emaildns.net/poster.pdf It's genuinely difficult to keep the contents of private DNS confidential, so I don't think this issue is at all specific to DNS over HTTPS - though DoH maybe crosses a threshold of easyness. Tony. -- f.anthony.n.finch <dot@xxxxxxxx> http://dotat.at/ - I xn--zr8h punycode Northwest Fitzroy, West Sole: Southerly 5 to 7, veering westerly 4 or 5 later. Moderate or rough, becoming rough or very rough. Occasional rain. Good, occasionally poor.