6. Considerations for Unprotected Use
Dieser Abschnitt bewahrt den RFC-Text zu DNS over CoAP, einschliesslich CoAP FETCH exchanges, application/dns-message Content-Format 553, SVCB docpath discovery, OSCORE and (D)TLS protection, CoAP caching, IANA registrations und operational/security considerations.
Originaler RFC-Text
6. Considerations for Unprotected Use
The use of DoC without confidentiality and integrity protection is
NOT RECOMMENDED. Without secure communication, many possible attacks
need to be evaluated in the context of the application's threat
model. This includes known threats for unprotected DNS [RFC3833]
[RFC9076] and CoAP (Section 11 of [RFC7252]). While DoC does not use
the random ID of the DNS header (see Section 4.2.2), equivalent
protection against off-path poisoning attacks is achieved by using
random large token values for unprotected CoAP requests. If a DoC
message is unprotected, it MUST use a random token with a length of
at least 2 bytes to mitigate this kind of poisoning attack.