The final in our series of Q&As with participants at IETF 112 is with Tim Wicinski. Tim is one of the chairs of the DNS PRIVate Exchange (dprive) working group that “develops mechanisms to provide confidentiality to DNS transactions in order to address concerns surrounding pervasive monitoring.” Here Tim explains the path that led to him being involved in the IETF, but more importantly, the significance of DPRIVE for TLDs and why they should be involved, underlining that he also understands they may not have the resources or time to do so.
CENTR: What is your background?
Tim Wicinski: Someone with a degree in Computer Science, starting college working on card punch machines and left during the initial ARPANET days.
CENTR: What is your work that led you to becoming involved in the IETF?
TW: I was working on networking problems at scale and this had me looking for not only advanced solutions, but looking to talk over problems and experiment on solutions.
CENTR: Why did you become interested in the IETF?
TW: I've always kept up with the work of improving networking protocols and standards, and the ideas of rough consensus and I’ve found running code to be always refreshing.
CENTR: What was the significance of the DPRIVE session at IETF 112 for ccTLDs?
TW: The ccTLDs should follow the experiments that are beginning to attempt DNS-over-TLS between recursive resolvers and authoritative resolvers. While initially these efforts are opportunistic in nature, they are giving the DNS implementers a look into how these services will be deployed, how they can or will be adopted, and an insight into any additional performance information.
While ccTLDs are authoritative servers, our initial testing/use cases are what we call second level domains, domains purchased from one of the ccTLDs, and how recursive resolvers will interact with them. An example for a use case would be a university or corporate campus: these environments will have multiple recursive resolvers interacting with their domain name servers constantly. Adding an extra layer of privacy and confidentiality can be monitored, and this will help the working group think about scaling up.
CENTR: Why should ccTLDs (or even gTLDs) get involved in the DPRIVE working group?
TW: We feel that it is useful for ccTLDs and gTLDs to monitor the various attempts, but we also know they may not have the resources to do more than be informed. This work is going slow because while it is one thing for second level domains to experiment with their domains or add features to their zones, gTLDs (and to some extent ccTLDs) have relationships with ICANN that intersect with this work. Also, TLD operators have a business and reliability relationship to put first and foremost.
CENTR: What are the next steps?
TW: The next steps will involve running code and getting folks to run it in situations which are not business critical to help work out any issues that may arise.