On 08/12/2018 01:39 AM, Patrick McManus wrote:
> yes - as section 10 says "
>
> Running DNS over HTTPS relies on the security of the underlying HTTP
> transport
> "

Given that DoH means that you now rely 100% on a stateful protocol, some
further discussion is needed.

For instance, if you need to harden HTTPS to better cope with DoS
attacks, part of the hardening happens at the layer below. You don't
need to get into those details, but I do think you need to stress that
relying on a connection-oriented protocol implies taking care of a bunch
of things, many very closely associated, so that the service is
resilient to DoS attacks.

Thanks,
--
Fernando Gont
SI6 Networks
e-mail: fgont@xxxxxxxxxxxxxxx
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492