6. Considerations for Unprotected Use
この節では DNS over CoAP の RFC テキストを保持し, CoAP FETCH exchanges, application/dns-message Content-Format 553, SVCB docpath discovery, OSCORE and (D)TLS protection, CoAP caching, IANA registrations, operational/security considerations を扱う.
RFC 原文
6. Considerations for Unprotected Use
The use of DoC without confidentiality and integrity protection is
NOT RECOMMENDED. Without secure communication, many possible attacks
need to be evaluated in the context of the application's threat
model. This includes known threats for unprotected DNS [RFC3833]
[RFC9076] and CoAP (Section 11 of [RFC7252]). While DoC does not use
the random ID of the DNS header (see Section 4.2.2), equivalent
protection against off-path poisoning attacks is achieved by using
random large token values for unprotected CoAP requests. If a DoC
message is unprotected, it MUST use a random token with a length of
at least 2 bytes to mitigate this kind of poisoning attack.