Usage Profiles for DNS over TLS and DNS over DTLS

Dickinson, Sara; Gillmor, Daniel; Reddy, Tirumaleswar

doi:10.17487/rfc8310

Cited by 20 publications

(6 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…They performed a downgrade attack by blocking the DoH connection, forcing the browsers to roll back to traditional unencrypted DNS without any noticeable alert in the user interface. According to the study [24], browser vendors do not consider this attack as a vulnerability but rather a welldocumented feature also described in RFC 8310 [25]. The impact of a downgrade attack could be reduced by proper notification about lost privacy; however, none of the browser vendors plan to integrate it [24].…”

Section: B Adoption Perspectivementioning

confidence: 99%

Summary of DNS Over HTTPS Abuse

et al. 2022

View full text Add to dashboard Cite

The Internet Engineering Task Force adopted the DNS over HTTPS protocol in 2018 to remediate privacy issues regarding the plain text transmission of the DNS protocol. According to our observations and the analysis described in this paper, protecting DNS queries using HTTPS entails security threats. This paper surveys DoH related research works and analyzes malicious and unwanted activities that leverage DNS over HTTPS and can be currently observed in the wild. Additionally, we describe three realworld abuse scenarios observed in the web environment that reveal how service providers intentionally use DNS over HTTPS to violate policies. Last but not least, we identified several research challenges that we consider important for future security research.

show abstract

Section: B Adoption Perspectivementioning

confidence: 99%

Summary of DNS Over HTTPS Abuse

et al. 2022

View full text Add to dashboard Cite

show abstract

“…The AS-based analysis can, therefore, not be extended to the whole monitoring period of the MAWI monitor. We are aware of other evolving protocols and protocol extensions/updates, such as HTTP/2 [46], TLS 1.3 [47], DNS over TLS (DoT) [48], [49], or DNS over HTTPS (DoH) [50]. However, traffic using HTTP/2, TLS 1.3, or DoH cannot be accurately identified based on the public trace data, as the monitors drop all packet information above the transport layer.…”

Section: Limitations and Future Directionsmentioning

confidence: 99%

Impact of Evolving Protocols and COVID-19 on Internet Traffic Shares

Schumann¹,

Doan²,

Shreedhar³

et al. 2022

Preprint

View full text Add to dashboard Cite

The rapid deployment of new Internet protocols over the last few years and the COVID-19 pandemic more recently (2020) has resulted in a change in the Internet traffic composition. Consequently, an updated microscopic view of traffic shares is needed to understand how the Internet is evolving to capture both such shorter-and longerterm events. Toward this end, we observe traffic composition at a research network in Japan and a Tier-1 ISP in the USA. We analyze the traffic traces passively captured at two inter-domain links: MAWI (Japan) and CAIDA (New York-São Paulo), which cover ≈100 GB of data for MAWI traces and ≈4 TB of data for CAIDA traces in total. We begin by studying the impact of COVID-19 on the monitored MAWI link: We find a substantial increase in the traffic volume of OpenVPN and rsync, as well as increases in traffic volume from cloud storage and video conferencing services, which shows that clients shift to remote work during the pandemic. For traffic traces between March 2018 and December 2018, we find that the use of IPv6 is increasing quickly on the CAIDA monitor: The IPv6 traffic volume increases from 1.1% in March 2018 to 6.1% in December 2018, while the IPv6 traffic share remains stable in the MAWI dataset at around 9% of the traffic volume. Among other protocols at the application layer, 60%-70% of IPv4 traffic on the CAIDA link is HTTP(S) traffic, out of which two-thirds are encrypted; for the MAWI link, more than 90% of the traffic is Web, of which nearly 75% is encrypted. Compared to previous studies, this depicts a larger increase in encrypted Web traffic of up to a 3-to-1 ratio of HTTPS to HTTP. As such, our observations in this study further reconfirm that traffic shares change with time and can vary greatly depending on the vantage point studied despite the use of the same generalized methodology and analyses, which can also be applied to other traffic monitoring datasets.

show abstract

“…Para a criptografia o proxy utiliza os seguintes softwares/protocolos: DNSCrypt 2 , DNS Queries over HTTPS (DoH) [10] e DNS over Transport Layer Security (DoT) [8,9,13].…”

Section: Métodos E Materiaisunclassified