Zoom Breakout Room 1: Measurement of Encrypted DNS
- Kick-off question from Sandra: Who are we designing encrypted DNS
protocols for?
- Idea from Benno (who couldn’t be present in the session): these
protocols need to be designed to work for everybody.
- Alec: I don’t think “designing for everybody” would go well. DNS
is a distributed protocol; it is a distributed database. It is
very presumpuous of us to designate threat models onto third
parties. Telling users how much privacy they are allowed to have
(i.e., the security/privacy properties of encrypted DNS
protocols) will inevitable have consequences. It may drive them
underground.
- Sandra: I agree, but most people don’t know what DNS is, nor
DoT/DoH. They don’t necessarily know what decisions to make.
- Paul: Historically, the IETF has been pretty bad at predicting
user behavior. The development of the Internet in general has
shown that every new protocol has been bent (and that may be one
of the charms of the Internet!) There’s clearly a need for
better education. The best we can do right now is “turn loose” a
bunch of stuff (e.g., protocols) and see what sticks.
- Paras: Until now, every presentation I’ve heard on encrypted DNS
has been about how to get the lowest latency. Alec, I like that
your presentation doesn’t just focus on getting the lowest
latency, but rather something that’s acceptable. However, I have
kids in my house, and they’re really impatient. If I ask my 13
y/o, they just want the fastest protocol; they’re not as
concerned about privacy. Thus, the decisions we make about
protocols and tradeoffs between latency/privacy are very
individualistic.
- Alec: In my experience, waiting for Netflix with DoHoT is not
too bad. It’s no worse than using 4G in a well-served area.
Occasionally, you go through days where there’s extra latency
for a brand new domain name that isn’t cached, but otherwise
that’s lost in the noise. I can’t speak for your kid, but I’m
just happy to make something that just works. I want to make the
point that latency is a budget, not a cost.
- Simone: Because of my work with OONI, I spend a lot of time
speaking with users not in the West. I am humbled by the amount
of information these people have about censorship, and how to
circumvent it, e.g. with DoT/DoH/VPNs. They know this out of
necessity. I believe that on the one hand saying that users are
“dumb” is true to an extent, but we have to qualify this
statement. Increasingly, this is not becoming the case. Who am I
designing for: everyone where “everyone” means people that have
difficulties using it. I would encourage us to design stuff that
considers everyone in the world.
- Sudheesh: I did not mean to say that users are “dumb.” I agree
with the idea that latency and performance are not everything.
There are a huge number of people that don’t even have cellular
connectivity. However, we can’t neglect the idea that latency
and performance matter. The goal should be to drive down latency
while increasing connectivity and increasing security/privacy.
- Alec: Imagine you worked for a really large social network. They
have to deal with the fact that people have satellite links, and
people are joining the network from less well-connected
networks. You may want to build caches that are close to these
users. Why not, then, address the question of making DNS fast
for everyone by having a “local” version of ODoH (or DoHoT) that
works in local networks, rather than a centralized solution?