Emerging Protocols and Standards

DNS over HTTPS (DoH) and DNS over TLS (DoT) address privacy vulnerabilities in DNS resolution. Traditional DNS queries travel unencrypted, revealing browsing intentions to network observers. DoH and DoT encrypt these queries, preventing surveillance and manipulation. Browser integration of DoH creates new privacy protections but also challenges for enterprise security monitoring and content filtering.

Encrypted Server Name Indication (ESNI) and its successor, Encrypted Client Hello (ECH), close remaining privacy gaps in TLS. Current TLS implementations reveal the target server name during the handshake, enabling censorship and traffic analysis. ECH encrypts this information, so network observers cannot determine which sites users visit beyond the destination IP addresses. This enhancement significantly improves privacy but complicates legitimate network management.

QUIC and HTTP/3 represent a fundamental evolution of the transport layer. Built on UDP rather than TCP, QUIC eliminates head-of-line blocking and reduces connection establishment overhead. Integrated encryption makes security mandatory rather than optional. Connection migration enables seamless transitions between networks. These improvements position HTTP/3 as the future of web protocols, with security deeply integrated rather than layered on top.

WebAuthn and FIDO2 standards enable passwordless authentication using cryptographic keys. Hardware security keys, platform authenticators, and biometric systems provide phishing-resistant authentication. These standards work alongside HTTPS to eliminate password-based vulnerabilities. Adoption by major platforms signals a future where passwords become obsolete, replaced by cryptographic authentication methods.