On 08/11/2018 05:40 PM, John R Levine wrote:
> On Sat, 11 Aug 2018, Benjamin Kaduk wrote:
>>> Is there a reason that the security threats of DOH over TCP would be
>>> any different from existing DNS over TCP?
>>
>> Well, HTTPS pulls in the TLS crypto and its potential increased resource
>> consumption, but in general TLS tries to avoid DoS opportunities where a
>> client can make the server do lots of work without having first provided
>> some indication that the client is "real".
>
> Well, OK. The obvious next question is whether DoH is different from
> any other https client request.

The possible difference is the impact: Traditionally, an https-based
attack could DoS a web server. With DoH, it could DoS DNS resolution.

Thanks,
--
Fernando Gont
SI6 Networks
e-mail: fgont@xxxxxxxxxxxxxxx
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492