Hacker News

ekr____ yesterday at 9:47 PM

> As a blocker for DNSSEC ... people made arguments about HTTPS overhead back in the day too.

They did, and then we spent an enormous amount of time to shave off a few round trip times in TLS 1.3 and QUIC. So I'm not sure this is as strong an argument as you seem to think it is.

> DoH also introduces latency, yet people aren't worried about that being a deal killer.

Actually, it really depends. It can actually be faster. Here are Mozilla's numbers from when we first rolled out DoH. https://blog.mozilla.org/futurereleases/2019/04/02/dns-over-...

And here are some measurements from Hounsel et al. https://arxiv.org/abs/1907.08089


Replies

indolering yesterday at 9:56 PM

> They did, and then we spent an enormous amount of time to shave off a few round trip times in TLS 1.3 and QUIC.

But if it's worth doing for HTTP, why not for DNS?

> Actually, it really depends. It can actually be faster. Here are Mozilla's numbers from when we first rolled out DoH.

Oh fun!
