For the fourth time in a row, the Internet Engineering Task Force (IETF) is meeting fully virtually this week (8-12 March). This has not stopped the Internet standards body from driving a lot of work in the DNS area. Here is a quick overview of the packed agenda and some highlights for interested participants from the CENTR community and beyond.
More on DNS privacy
Advancing DNS privacy has been on the agenda for a number of years, and the work is far from completed. Today the DPRIVE Working Group will discuss a topic that has been dormant for some time: encrypting traffic from the recursive to the authoritative resolver in the DNS tree.
For the first time, cryptographically securing the second leg of the DNS resolution hiearchy will be discussed, says Vladimir Cunat from CZ.NIC. TLD servers look like the most prominent point to consider privacy, “as much of their traffic necessarily contains website names that get accessed”. Apple, Mozilla, Google and Cloudflare will present a draft on how authoritative resolvers can signal they support encryption. Their draft will be discussed alongside the proposal on encrypting the path between recursive and authoritative resolvers from ICANN‘s Paul Hofmann and Power DNS engineer, Peter van Dijk.
The DPRIVE WG will also delve into the idea of decoupling the client identity from the content of his requests through Oblivious DNS over HTTPS (OdoH). OdoH was first introduced in the Adaptive DNS Discovery WG, but ADD will now focus on the discovery of resolvers.
Interestingly the “oblivious” requests have garnered special interest from HTTP experts. Martin Thomson from Mozilla will therefore ask the SecDispatch WG to consider his draft on oblivious HTTPS on Thursday (16:00 UTC). Making requests oblivious in DoH or HTTPS requires a proxy to accept a client’s request for content/names. The proxy will not observe the content of the requests since they are encrypted, and sends them on to the resolver without additional information about the requester.
The DNS Operations WG will meet on Thursday afternoon and aims to advance a number of existing drafts, namely DNS catalogue zones and additional work on DNSSEC. Keep an eye on the Measurement and Analysis for Protocols Research Group (MAPRG), which has featured several DNS related research talks (archived for posterity).
A new transport
Two sets of highly important RFCs were published just before IETF110, the WebRTC RFC suite as well as version one of the new UDP-based, encrypted transport protocol, Quic. The latter certainly also opens the avenue for another DNS idea, DNS over Quic. The proposal by Christian Huitema has been sitting idle for some time, but may be adopted in the DPRIVE WG on Tuesday. If adopted, the equation for a privacy friendly DNS changes once more.
Other topics to watch
For those with time on their hands, there certainly is much more interesting stuff on the agenda. The meeting of the Registration Protocol Extensions WG is a must for many registry experts. Look out for the BoF on Dane AutheNtication for Iot Service Hardening (Danish) which might finally pave the way for Dane, the so far unbeloved alternative to WebPKI.
For those looking to the future of networking, the whole area of application specific networking might prove to be of interest. There are attempts to get a WG chartered for this. What will it bring for privacy? IAB member and Apple engineer Tommy Pauly and Google‘s Lorenzo Colitti (IntArea WG, Friday afternoon) will answer this, and a draft by IAB Chair, Jari Arkko, delves into the consequences of the development, also from a privacy perspective.
A happy IETF virtual week to everybody!
***
This article was written for CENTR by Monika Ermert. Monika has been working as an IT journalist for over 20 years. She has covered the evolving internet governance landscape, EU and worldwide attempts to regulate and the risks and fun of technology. She holds an M.A. in Chinese/Media Studies from the University of Tuebingen and lives and works in Munich, Germany.
