report/deployment/overview.md
11 additions & 10 deletions
@@ -4,21 +4,22 @@ This section addresses ECH deployment considerations. Where relevant, it will li
4
4
5
5
## Process overview
6
6
7
-

8
-
9
-
### Client process
7
+
This is a simplified overview of the workflow involved in the browser opening an ECH-protected website.
10
8
11
-
I. To request a website, the browser first queries the A/AAAA record and the ECHConfig from the configured DoH/DoT server. The DoH/DoT server is either provided by the network owner or by a large CDN.
12
9
13
-
II. The DoH server queries the information at the autoritative DNS server via DNS, managed by the website operator.
14
-
15
-
II. The information is sent from the DNS server to the DoH server and potentially cached.
10
+

16
11
17
-
IV. The information is passed on to the client
12
+
### Client process
18
13
19
-
V. Using the A/AAAA record and the ECHConfig, the browser requests the website from the web server
14
+
<ol>
15
+
<listyle="list-style: upper-roman;">To request a website, the browser first queries the A/AAAA record and the ECHConfig from the configured DoH/DoT server. The DoH/DoT server is either provided by the network owner or by a large CDN.</li>
16
+
<listyle="list-style: upper-roman;">The DoH server queries the information at the autoritative DNS server via DNS, managed by the website operator.</li>
17
+
<listyle="list-style: upper-roman;">The information is sent from the DNS server to the DoH server and potentially cached.</li>
18
+
<listyle="list-style: upper-roman;">The information is passed on to the client</li>
19
+
<listyle="list-style: upper-roman;">Using the A/AAAA record and the ECHConfig, the browser requests the website from the web server</li>
20
+
</ol>
20
21
21
-
FIXME: do the DoH servers fetch their data via DNS or DoH? Protocol Upgrades?
22
+
The DoH servers query the autoritative DNS servers mostly via traditional unencrypted UDP-based DNS (Do53), however DoT and DoH are increasingly adopted in this area too. Protocol upgrades (opportunistic or via SVCB records) are also used.
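Review bot: The added lines 16 and 22 carry over the misspelling "autoritative" from the removed text; it should read "authoritative". In the new list (added lines 15-19) the opening tags appear here as `<listyle="list-style: upper-roman;">`, so confirm there is a space between `li` and `style`, and consider setting the numbering once on the list itself (`<ol type="I">` or a style on the `<ol>`) instead of repeating the attribute on every item. Added line 22 replaces the FIXME with the statement that DoH servers "mostly" use unencrypted Do53 towards the authoritative servers; a reference for that claim and for the SVCB-based upgrade would fit the section's stated aim of linking sources where relevant. The items on added lines 18 and 19 also end without a period, unlike the first three.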