On Sat, 11 Aug 2018, Benjamin Kaduk wrote:
Is there a reason that the security threats of DOH over TCP would be
any diferent from existing DNS over TCP?
Well, HTTPS pulls in the TLS crypto and its potential increased resource
consumption, but in general TLS tries to avoid DoS opportunites where a
client can make the server do lots of work without having first provided
some indication that the client is "real".
Well, OK. The obvious next question is whether DoH is different from any
other https client request.
Regards,
John Levine, johnl@xxxxxxxxx, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
