Thanks everyone. I read over the transcript. Some small things: - I also have no further comments on the charter, it's ok with me. - I also support Suzanne's suggestion of how to introduce the document and problems of laying out where things started. As a substantive question, something that comes up in incident response circles is what the effect of DNS encryption will be for incident forensics for enterprises. Rod mentioned use cases, but is that use case on the table as a view to analyze the impact? Passive DNS is generally useful during IR. IIRC Bro can automagically label endpoints of flows with observed passive DNS resolutions on the network. Enterprises with a central web proxy, etc., can analyze encrypted web traffic that way. Will we end up seeing something similar for DoH in enterprises, or is it too thoroughly designed to avoid enterprise visibility? -- best, Jono
From my mobile, please excuse brevity
On Wed, Apr 6, 2022, 16:33 Kathy Schnitt <kathy.schnitt@icann.org> wrote:
Dear SSAC Evo of Reso Work Party,
Attached is the transcription from our meeting held on 31 Mar 2022 21:00 UTC.
Best, Kathy _______________________________________________ SSAC-Evo-Reso-WP mailing list SSAC-Evo-Reso-WP@icann.org https://mm.icann.org/mailman/listinfo/ssac-evo-reso-wp
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.