DNS over HTTPS – What is it, and why should you care? – WS 06 2019

From EuroDIG Wiki

Title: DNS over HTTPS – what is it, and why should you care?

Proposals assigned to this session: ID 123, 175 – list of all proposals as pdf

You are invited to become a member of the session Org Team! By joining an Org Team you agree that your name and affiliation will be published on the respective wiki page of the session for transparency reasons. Please subscribe to the session mailing list and answer the email that will be sent to you requesting your confirmation of subscription.

Session teaser

DNS-over-HTTPS is a new protocol that could fundamentally change the way DNS works today, providing less or more privacy depending on how it is used, disrupting censorship but also law-mandated content blocks and network security measures, shifting jurisdiction and Internet content control away from Europe, and fostering further centralization of the Internet. It affects almost any stakeholder – users, governments, civil society, ISPs, network administrators and more. Come and participate in an open discussion on what could be done to foster the positive effects while preventing the negative ones.

Session description

As part of its efforts to encrypt all communications, the IETF has recently released two protocols to encrypt the flow of DNS queries between user devices and their "name servers" (resolvers): DNS-over-TLS and DNS-over-HTTPS. The latter has spurred quite some controversy, as the deployment model chosen by the first major browser to embrace it, Mozilla's Firefox, would radically change the way consumer DNS services work today, giving browser makers significant control over the choice of the resolver, and promoting the use of centralized global resolvers in place of the local ones traditionally supplied by Internet access providers.

The set of DNS queries performed by a user allows an observer to track almost any connection to any Internet service; it thus constitutes sensitive personal information. Encrypting the communication provides users with increased privacy, preventing ISPs from tracking or mangling their DNS queries, but centralizing all user queries on a few resolvers run by the big Internet operators, many of which have "surveillance capitalism" as their business model, can create an even bigger privacy and control problem.

Moreover, ISPs monitor and alter DNS queries for network security reasons, blocking access to malware and phishing websites, detecting infections and stopping botnets from working and propagating; corporate networks build their security over DNS-based mechanisms such as local names and "split horizon" configurations; all of this would stop working with DNS-over-HTTPS.

In terms of performance, global resolvers run by the big players could offer quicker responses, especially in countries where the local infrastructure is poor; the current public resolver usage patterns show this, with high penetration rates concentrated in Africa and the Middle East. However, local resolvers, in conjunction with content delivery networks, can tailor their replies to direct local users to the fastest source of the content, while global resolvers cannot do this without knowing the originating IP subnet in detail, again creating a privacy issue.

But DNS-over-HTTPS also affects human rights and national sovereignty; if browsers lead their users towards a resolver located in a foreign country, the user's country loses jurisdiction over DNS queries, while the resolver's country gains it. If the user's country censors the Internet heavily, switching to another jurisdiction will defeat censorship and increase the user's freedom of access and expression; however, the resolver's country will now be able to apply its own censorship to foreign citizens as well. The few private global resolver operators will also acquire the possibility to prevent access to content and to determine the policies for the DNS namespace.

Moreover, there are cases in which countries use DNS regulation to protect other people's rights, by barring access to content such as hate speech, totalitarian propaganda, illegal gambling; and there are cases in which Internet users voluntarily request their ISP to block access to content, such as with parental controls for families. All these mechanisms will stop working if remote resolvers connected via DNS-over-HTTPS are adopted by browsers as the new standard, while the use of DNS-over-TLS connections to the ISP's resolver would not create the same problems.

This discussion is particularly relevant to Europe, in view of the lack of European browsers and Internet platforms, of the less effective privacy regulations that American services are subject to, of the abundance of DNS-based content control mechanisms, and of the widespread concerns about the ongoing process of centralization of the Internet, of which this case is yet another instance.

The session will explain these and other issues, document the various views and provide a venue for discussion and collective brainstorming on possible solutions from a European viewpoint.

Format

The session will start with an introductory presentation to ensure that all participants are on a level playing field. The presentation (15 minutes) will cover:

  • Basic technicalities of encrypted DNS protocols for a non-technical audience
  • History and current deployment plans
  • Description of the policy issues that derive from the adoption of these protocols (DoH especially)

After the presentation, we will have a few “key participants” present the views of specific stakeholder groups and make some proposals (15 minutes). Then we will brainstorm openly among participants, with a facilitator who tries to extract commonalities, starting with a “diverging” phase in which people can add more proposals to the discussion (15 minutes), working in breakout groups if necessary, and then a “converging” phase in which we try to ascertain support for the various proposals (40 minutes).

At the end, the facilitator will recap the results and ensure that everyone is happy with them (5 minutes).

Further reading

The basics

As a primer to the issue, here are two documents, one providing a supportive view and one summarizing the concerns:

  • Mozilla's explanation of how DNS-over-HTTPS (DoH) works and its advantages [1]
  • Open-Xchange's policy analysis and description of the problems [2]

If you prefer a video explanation:

  • "The DoH dilemma" from FOSDEM 2019 [3]

Implementation plans

Mozilla is the leader in pushing DNS-over-HTTPS as the new default for browsers, and their default policy is to bypass the name server configured by the user and promote the use of remote resolvers that have signed a service agreement with them. You can read:

  • The original announcement on their blog in June 2018, with a lot of community discussion in the comments [4]
  • Their performance updates in February [5]
  • Their recently published set of requirements for DoH servers to be included among Firefox's resolvers [6]

Google is providing DoH support on their public resolver and is also implementing it in Chrome, but not by default at this time. It also tries to look for a DoH service on the local resolver first. You can read:

  • The announcement of Google's public resolver plans [7]
  • Tentative plans and policies for implementation in Google Chrome [8]

Technical and policy analyses

  • Wolfgang Kleinwächter's Internet governance outlook for 2019, referring to DoH at the end [9]
  • Ungleich's analysis from August 2018 [10]
  • Notes from the DNS privacy debate at FOSDEM 2019 [11]
  • Problems caused by DoH to ISPs in the UK [12]
  • An architectural analysis of pros and cons by Akamai's Erik Nygren [13]
  • The House of Lords discussing DoH concerns in a parliamentary session [14]

Reference and technical material

  • The full technical specification, RFC 8484 [15]
  • A list of current publicly available DoH servers and implementations [16]
  • Google's resolver DoH API [17]

People

Please provide name and institution for all people you list here.

Focal Point

  • Vittorio Bertola

Organising Team (Org Team)

List them here as they sign up.

  • Chivintar Amenty, YouthDIG 2019
  • Wolfgang Kleinwächter
  • Peter Koch
  • Collin Kurre, ARTICLE 19

Key Participants

Key Participants are experts willing to provide their knowledge during a session – not necessarily on stage. Key Participants should contribute to the session planning process and keep statements short and punchy during the session. They will be selected and assigned by the Org Team, ensuring a stakeholder-balanced dialogue while also considering gender and geographical balance. Please provide short CVs of the Key Participants involved in your session at the Wiki or link to another source.

Moderator

The moderator is the facilitator of the session at the event. Moderators are responsible for including the audience and encouraging a lively interaction among all session attendants. Please make sure the moderator takes a neutral role and can balance between all speakers. Please provide a short CV of the moderator of your session at the Wiki or link to another source.

Remote Moderator

Trained remote moderators will be assigned on the spot by the EuroDIG secretariat to each session.

Reporter

  • Ilona Stadnik, Geneva Internet Platform

The Reporter takes notes during the session and formulates 3 (max. 5) bullet points at the end of each session that:

  • are summarised on a slide and presented to the audience at the end of each session
  • relate to the particular session and to European Internet governance policy
  • are forward looking and propose goals and activities that can be initiated after EuroDIG (recommendations)
  • are in (rough) consensus with the audience

Current discussion, conference calls, schedules and minutes

See the discussion tab on the upper left side of this page. Please use this page to publish:

  • dates for virtual meetings or coordination calls
  • short summary of calls or email exchange

Please be as open and transparent as possible in order to allow others to get involved and contact you. Use the wiki not only as the place to publish results but also to summarize the discussion process.

Messages

A short summary of the session will be provided by the Reporter.

Video record

Will be provided here after the event.

Transcript

Will be provided here after the event.