IGF 2019 WS #310 DOH! DNS over HTTPS explained

Organizer 1: Technical Community, Western European and Others Group (WEOG)
Organizer 2: Technical Community, Western European and Others Group (WEOG)
Organizer 3: Technical Community, Western European and Others Group (WEOG)

Speaker 1: Byron Holland, Technical Community, Western European and Others Group (WEOG)
Speaker 2: Geoff Huston, Technical Community, Asia-Pacific Group
Speaker 3: Patrik Fältström, Technical Community, Western European and Others Group (WEOG)
Speaker 4: Suzanne Woolf, Technical Community, Western European and Others Group (WEOG)
Speaker 5: Mariko Kobayashi, Technical Community, Asia-Pacific Group

Policy Question(s): 

How does concealing DNS queries within an encrypted channel affect enterprise network management?

What is the impact on law enforcement?

Are there benefits of DOH for the internet ecosystem (e.g. infrastructure, robustness, trust) that extend beyond privacy?

What challenges does DOH pose to the present namespace?

What challenges does browser-based DNS resolution pose to personal privacy?

Relevance to Theme: DOH is a DNS resolution protocol designed to increase user privacy and security by eliminating the ability to intercept and manipulate DNS data. DOH does not need to query public DNS infrastructure to resolve a domain name, instead forging an encrypted end-to-end connection between the end user’s device and a web server.

The confidentiality of DNS requests afforded by DOH prevents DNS hijacking and spoofing. This also makes it more difficult to share DNS data with third parties (such as governments of corporations.)

However, DOH can be enabled within a browser without the user’s explicit knowledge or permission. This raises an entirely new set of privacy issues relating to user data being directed to third parties in a manner that is invisible to the user.

Relevance to Internet Governance: The increased privacy from public DNS infrastructure that is afforded by DOH is not without criticism.

Some security and privacy experts object to DOH on the basis of operational risks to network operators, its compatibility with privacy legislation, and the increased power of browser developers and their preferred DNS resolvers over internet users.

DOH represents a fundamental shift in internet architecture and challenges the status quo hierarchical namespace. The protocol is a topic of hot debate between stakeholders who currently operate different pieces of the DNS, as well as network administrators who would lose the ability to manipulate traffic, and law enforcement agencies’ ability to investigate based on DNS traffic.

Format: 

Birds of a Feather - Classroom - 90 Min

Description: DNS over HTTPS (DOH) is a DNS resolution protocol designed to increase user privacy and security by eliminating the ability to intercept and manipulate DNS data. DOH does not need to query public DNS infrastructure to resolve a domain name, instead forging an encrypted end-to-end connection between the end user’s device and a web server.

This BoF aims to explore the emergence of the DOH protocol and the associated policy issues in a manner that is accessible for all stakeholders of technical and non-technical backgrounds.

With the guidance of technical and policy professionals from various stakeholder groups, BoF participants will discuss the state of the latest implementations, policy questions, and challenges related to running DNS over HTTPS.

Expected Outcomes: BoF participants will learn how DNS over HTTPS functions and how it departs from the current DNS architecture
BoF participants will discuss different perspectives of DNS over HTTPS and the policy issues associated with its implementation

Discussion Facilitation: 

The workshop will be organized as a BOF. Led by the moderator, a short presentation on the latest developments on DOH will presented and key questions presented for discussion and dialogue.

The moderator and remote participation lead will seek to promote and encourage a facilitated dialogue among the subject matter experts, invited experts in the audience, and those participating virtually.

Knowing there is considerable interest in the topic, efforts will be taken to record comments and/or video interventions from experts whose schedules do not make it possible for them to be present the date/time of the session.

In addition to the background documents and papers that will be prepared ahead of the IGF, additional articles of interest, commissioned blogs, reference materials and social media conversations will be published and distributed ahead of the workshop.

Online Participation: 

Knowing there is considerable interest in the topic, efforts will be taken to engage experts virtually whose schedules do not make it possible for them to be present the date/time of the session.

Proposed Additional Tools: Knowing there is considerable interest in the topic, efforts will be taken to record comments and/or video interventions from experts whose schedules do not make it possible for them to be present the date/time of the session.

In addition to the background documents and papers that will be prepared ahead of the IGF, additional articles of interest, commissioned blogs, reference materials and social media conversations will be published and distributed ahead of the workshop.

SDGs: 

GOAL 9: Industry, Innovation and Infrastructure