On Sat, Aug 11, 2018 at 6:48 PM, Fernando Gont <fgont@xxxxxxxxxxxxxxx> wrote:
What could be different is the impact. What I'm wondering is, in a way,
to what extent it might be easier to completely DoS DNS resolution for
the DoH case. -- Defending against resource-exhaustion attacks is
certainly more complex for stateful protocols.
HTTPS services can scale to very large amounts and are quite successful at dos mitigation - there are many existence proofs. That's actually a strong reason to utilize DoH - to participate in the scalig that comes with that ecosystem.
