What is the dispute over which 'DNS encryption method' will dominate?
There are two main methods of encrypting communication between the browser and DNS: "DNS over HTTPS" and "DNS over TLS". The American electrical engineering journal IEEE Spectrum discusses the need for DNS encryption and the difference between the two encryption methods.
The Fight Over Encrypted DNS: Explained - IEEE Spectrum
https://spectrum.ieee.org/tech-talk/telecom/security/the-fight-over-encrypted-dns-boils-over
Queries and responses to DNS servers that look up IP addresses from domain names such as "gigazine.net" are usually sent in plaintext without encryption. Therefore, the information on "which domain is being accessed" is exposed, and a query can be intercepted and redirected to another address. For this reason, encryption has been an urgent task from a security perspective.
The following article provides details on how DNS has been encrypted.
Movement to encrypt communication with DNS so that ISPs cannot read information related to privacy and personal information - GIGAZINE
Plaintext communication was so detrimental that there was no objection to the need for encryption. However, IEEE Spectrum stated, "There is a debate as to which encryption method should be used, 'DNS over HTTPS' or 'DNS over TLS'."
DNS over TLS is a DNS encryption method that relies on
Another disadvantage of DNS over TLS is that both hardware and applications need to support the TLS protocol. DNS over TLS protection is not enabled if either the hardware or the application cannot establish a connection.
DNS over HTTPS, on the other hand, is a DNS encryption method that relies on Hypertext Transfer Protocol Secure (HTTPS), and is a later technology than DNS over TLS. In DNS over HTTPS, queries are exchanged over port 443, the same port as normal web access, so DNS queries cannot be singled out from the rest of the traffic.
Also, HTTPS is a well-known technology and is supported by most hardware and applications. In this respect, DNS over HTTPS is superior to DNS over TLS.
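The difference in how the two methods carry the same query can be seen in the following added example, which is not code from the original article or from IEEE Spectrum. It builds one DNS query and frames it as DNS over TLS (length-prefixed, on dedicated port 853 per RFC 7858) and as a DNS over HTTPS GET request (RFC 8484); the resolver name "doh.example" and the HTTP/1.1 text form are assumptions made for readability.

```python
import base64
import struct

DOT_PORT = 853   # RFC 7858: dedicated port, so DoT traffic is easy to identify
DOH_PORT = 443   # RFC 8484: shares the port used by ordinary HTTPS traffic


def build_query(name: str, qtype: int = 1, txid: int = 0) -> bytes:
    """Encode a single-question DNS query in wire format (RFC 1035)."""
    # Header: ID, flags (RD=1), QDCOUNT=1, ANCOUNT=NSCOUNT=ARCOUNT=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"invalid label length: {label!r}")
        qname += bytes([len(raw)]) + raw
    qname += b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN


def frame_dot(msg: bytes) -> bytes:
    """DoT payload: 2-byte length prefix + message, sent inside TLS."""
    return struct.pack("!H", len(msg)) + msg


def frame_doh_get(msg: bytes, host: str, path: str = "/dns-query") -> str:
    """DoH GET: the message as unpadded base64url in the 'dns' parameter."""
    b64 = base64.urlsafe_b64encode(msg).rstrip(b"=").decode("ascii")
    # Written as HTTP/1.1 text for readability (assumption of this example).
    return (f"GET {path}?dns={b64} HTTP/1.1\r\n"
            f"Host: {host}\r\n"
            "Accept: application/dns-message\r\n\r\n")


def parse_doh_get(request: str) -> bytes:
    """Resolver side: recover the DNS message from a DoH GET request."""
    target = request.split(" ", 2)[1]
    b64 = target.split("dns=", 1)[1].split("&", 1)[0]
    return base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))


if __name__ == "__main__":
    q = build_query("gigazine.net")  # ID 0, as RFC 8484 recommends for DoH
    req = frame_doh_get(q, "doh.example")  # placeholder resolver name
    print(f"DoT -> tcp/{DOT_PORT}:", frame_dot(q).hex())
    print(f"DoH -> tcp/{DOH_PORT}:", req.splitlines()[0])
```

Once wrapped in TLS, both forms hide the queried name from an on-path observer; only the DoT connection remains recognizable as DNS, because of its port.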
In September 2019, Firefox and Chrome supported DNS over HTTPS. On November 20, 2019, Microsoft announced that it will “make Windows compatible with DNS over HTTPS in the future”.
Microsoft agrees with "DNS connection encryption", considering Windows support in the future - GIGAZINE
On the other hand, there are also concerns about DNS over HTTPS. One of them is “information monopoly”. When DNS over HTTPS is turned on in each browser, DNS queries from Firefox are sent to Cloudflare, and DNS queries from Chrome are basically sent to Google. In other words, Cloudflare and Google dominate the information about where people are going to connect.
Mozilla, which provides Firefox, has announced that it will change Firefox so that, with default settings, it connects to Cloudflare's 1.1.1.1 service, ignoring the existing DNS settings. Google has already released a specification change: "If you use a DNS provider that supports DNS over HTTPS, Chrome will automatically communicate via DNS over HTTPS."
Chromium Blog: Experimenting with same-provider DNS-over-HTTPS upgrade
https://blog.chromium.org/2019/09/experimenting-with-same-provider-dns.html
Another problem with DNS over HTTPS pointed out by IEEE Spectrum is “filtering and parental control become difficult”. Since all communication is encrypted by DNS over HTTPS, “access to malicious sites and prohibited sites” cannot be distinguished. Therefore, it is difficult for ISPs to regulate connections to malicious sites and prohibited sites.
According to IEEE Spectrum, users should be able to decide "whether DNS over TLS or DNS over HTTPS should be used" or "which DNS provider should be used in a web browser."
in Web Service, Posted by darkhorse_log