…he goals of the DoQ mapping are: Provide the same DNS privacy protection as DoT [RFC7858]. This includes an option for the client to authenticate the server by means of an authentication domain name as specified in "Usage Profiles for DNS over TLS and DNS over DTLS" [RFC8310]. Provid…
…however, is only UDP. DNS over TCP can be protected with TLS, as described in [RFC7858]. DNS over DTLS alone cannot provide privacy for DNS messages in all circumstances, specifically when the DTLS record size is larger than the path MTU. In such situations, the DNS server will…
…tional cleartext transport. DoQ: DNS over QUIC ([RFC9250]). DoT: DNS over TLS ([RFC7858]). Encrypted transports: DoQ and DoT, collectively. 2. Priorities The protocol described in this document was developed with two priorities: minimizing negative impacts and retaining flexibili…
…0 = UDP [RFC1035]; 1 = TCP [RFC1035]; 2 = TLS [RFC7858]; 3 = DTLS [RFC8094]; 4 = HTTPS [RFC8484]; 15 = Non-standard transport (see below). Values 5-14 are reserved for future use.…
…wire format used in this media type is different than the wire format used in [RFC7858] (which uses the format defined in Section 4.2.2 of [RFC1035] that includes two length bytes). DoH clients using this media type MAY have one or more Extension Mechanisms for DNS (EDNS) optio…
…SSAC026 Privacy-enabling DNS server: "A DNS server that implements DNS over TLS [RFC7858] and may optionally implement DNS over DTLS [RFC8094]." (Quoted from [RFC8310], Section 2) Other types of DNS servers might also be considered privacy-enabling, such as those running DNS-over-HTT…
… In addition, the use of an encrypted DNS mechanism, such as DNS over TLS (DoT) [RFC7858] or DNS over HTTPS (DoH) [RFC9230], hides the name resolution traffic, which is usually a first step in fetching remote logotype objects. When the "data" URI scheme is used with direct addressin…
…er, encrypted DNS mechanisms such as DNS over HTTPS [RFC8484], DNS over TLS/DTLS [RFC7858] [RFC8094], and DNS over QUIC [RFC9250] provide mechanisms for clients to conceal DNS lookups from network inspection, and many TLS servers host multiple domains on the same IP address. Private or…
…ent DNS queries or visible server IP addresses. However, DoH [RFC8484] and DPRIVE [RFC7858] [RFC8094] provide mechanisms for clients to conceal DNS lookups from network inspection, and many TLS servers host multiple domains on the same IP address. Private origins may also be deployed b…
…In addition, the use of an encrypted DNS mechanism, such as DNS over TLS (DoT) [RFC7858] or DNS over HTTPS (DoH) [RFC9230], hides the name resolution traffic, which is usually a first step in fetching remote logotype objects. When the "data" URI scheme is used with direct address…
…26]) Privacy-enabling DNS server: "A DNS server that implements DNS over TLS [RFC7858] and may optionally implement DNS over DTLS [RFC8094]." (Quoted from [RFC8310], Section 2) Other types of DNS servers might also be considered privacy-enabling, such as those running DNS ove…
… addresses observers and outsider adversaries, see for instance Confidentiality RFC7858 RFC8446 RFC8484 RFC9000. And RFC6973 discusses associated traffic analysis threats. The focus in this document is on the primary protocol participants, such as a server in a client-server arc…
…ansport (MQTT): 0x6d 0x71 0x74 0x74 ("mqtt"); DNS-over-TLS: 0x64 0x6F 0x74 ("dot"), RFC7858; Network Time Security Key Establishment, version 1: 0x6E 0x74 0x73 0x6B 0x65 0x2F 0x31 ("ntske/1"), RFC8915, Section 4; SunRPC: 0x73 0x75 0x6e 0x72 0x70 0x63 ("sunrpc"), RFC9289; HTTP/3: 0x68 0x33 ("…
…In addition, the use of an encrypted DNS mechanism, such as DNS over TLS (DoT) [RFC7858] or DNS over HTTPS (DoH) [RFC9230], hides the name resolution traffic, which is usually a first step in fetching remote logotype objects. It should say: In addition, the use of an encrypted DN…