Discussion Paper - DNS over HTTPS (DoH)
Background information and explanations for non-technical readers, and a clear set of recommendations for best practice in line with privacy-enhancing techniques and informed user consent.
Throughout the history of the Internet, traditional Domain Name System (DNS) traffic – for example, the lookup triggered when a user types a website name into a browser – has largely been unencrypted. The DNS over HTTPS (DoH) protocol, which first emerged in 2018, is a new approach that changes this by making use of the well-known secure HTTPS web protocol.
Several large-scale Internet companies, including Apple, Mozilla, Microsoft, and Google, are in the process of planning or implementing DoH into their services and applications. While the encryption of DNS has the advantage of improving user privacy and security, a discussion has emerged around the DoH protocol on a range of issues which need to be addressed in the implementation and deployment of services.
To clarify some of the complexities – both legal and technical – and to provide recommendations for implementation and deployment of DoH, members of the eco Association have collaborated on producing a Discussion Paper on DNS over HTTPS (DoH). The paper provides background information and explanations for non-technical readers, and a clear set of recommendations for best practice in line with privacy-enhancing techniques and informed user consent.
eco - Association of the Internet Industry
With more than 1,100 member companies, eco is the largest association of the Internet industry in Europe, representing all sectors from network infrastructure, Internet service providers (ISPs), content delivery networks (CDNs), service and application providers, to cyber security and legal experts. A group of members have taken the opportunity to make the most of this source of broad and diverse expertise to discuss the emerging use of the DNS over HTTPS (DoH) protocol and the impact of its implementation on different environments.
Topics covered in the discussion paper include:
- How DoH interacts with existing network environments
- User Level: User Choice and Awareness
  - Privacy & tracking
  - User consent & default settings
- Implementation / Operational Choices
  - Implementation in system vs. application
  - Centralisation of a major Internet resource
  - Privacy and tracking in DoH
- DNS Resolver Operator Perspective
  - Customer protection – logging for security purposes
  - Network performance
  - Regulatory issues