Dear Satish,

DoH is attractive to some organisations because it is the missing
piece of the puzzle that algorithms could use to learn more about
you. Yes, it is a niche technology, but today the "owners" of the
metadata of all of the addresses that you go to, derived from DNS
queries, are actually distributed. The Root operators know what TLDs
you use most. An ISP that runs the local resolver knows what
addresses you access. In fact, anyone can scan and eavesdrop on your
DNS queries to derive meta-information about your browsing habits.
DoH closes the door to this third party meta-information gathering,
to bring it to a closed group of players that already have cookies,
IP addresses, your log-in account, email, and any other services
which you use on the cloud with the meta-data of all of your DNS
enquiries. It is one more piece of the puzzle towards tracking you.

In the future it would also be possible to, by the flick of a
switch, switch off the DNS queries and keep solely to the DoH
queries based on a snapshot of the Internet's addresses.

The difference between this and other systems is that alternative
roots required an intervention from the user to switch to an
alternative root, which was a less stable system than the DNS's 13
roots. Plus, alternative DNSes did not have that essential element
of providing so much data for a single entity, thus there was no
commercial drive to go that way. DoH has all the elements for a
perfect storm, from industry consolidation to generation of more
meta-data in-house, value creation through better tracking and big
players already really interested in implementing it. That's the
threat and that's why it is important.

Kindest regards,
Olivier

On 06/05/2019 15:54, Satish Babu wrote:
I'd be curious to know what makes DoH more attractive in
comparison with the existing DNS service in order for it to
completely displace DNS.
The key question is if DoH will remain a niche technology
(similar to first- and second-generation DNS substitutes
ranging from TOR, FreeNet, and I2P to the very new Ethereum
Name Service, all of which are likely to remain niche), or if
it's likely to scale up as a direct (and effective) substitute
to the generic DNS, noting that it does avoid several security
pitfalls (including eavesdropping/tracking, man-in-the-middle
etc).
Also, from an Internet Consolidation perspective, DoH
appears to make things even more centralized...not necessarily
a good thing for end-users.
satish
Hello Olivier,
I hear you and am looking forward to more details on
how that relegation of ICANN could happen in
practice.....am sure not against having DoH on HIT but I
hope we will first ensure to give end-users the
technological details of DoH (in a layman way) before we
move on to its political implications as I certainly don't
think DoH threatens ICANN's root management role as you
seem to suggest; perhaps for now one can say it could move
the direction of a few USDs ;-)
Regards
On Mon, May 6, 2019 at 1:18 PM Olivier MJ Crépin-Leblond <ocl@gih.com> wrote:
Yup -- in DoH think about a naming
system solely run and controlled by the cloud providers
that have signed up for DoH. That can easily replace the
DNS altogether and relegate ICANN to a glitch in
history.
Kindest regards,
Olivier
On 06/05/2019 13:39, Sebastien Bachollet wrote:
DoH is not at all today a
technical question (even if we need to understand the
technology).
It is a huge political issue, particularly to all
Internet users.
SeB
Sent from my iPhone
Hello Maureen,
I assume the text in blue are your
recommendations? If yes then am fine with
the suggestion, if there is an intention to
further reduce the list, my preference of
item that I think should be retained are 4,
1, 5 in that order before others can then
follow. The DoH may be better suited for the
techday.
Regards
Hi all
I finally found what I was looking
for. This was Keith's consolidated
approach proposed on April 30 for your
consideration (to minimise the number of
HIT sessions in Marrakech)
| 1 | Impact of GDPR and EPDP Phase 1 Recommendations on Existing Policies and Procedures. | Combine 1.1, 1.2 and 1.3 into one session |
| 1.1 | Combatting Abuse with GDPR | |
| 1.2 | Privacy-Proxy Implementation | |
| 1.3 | Across Field Validation | |
| 2 | EPDP Phase 2 / Uniform Access Model | REMOVE these two proposed sessions because EPDP Phase 2 work will only have been under way for 6 weeks by the time we arrive in Marrakech. It may be premature to schedule a HIT/CC session - possibly defer this to ICANN66 in Montreal |
| 3 | Sessions that are merely updates can be provided as a pre-meeting webinar. | |
| 3.1 | ATRT3 | |
| 3.2 | SSR-2 | |
| 3.3 | NomCom Review | |
| 4 | Future of Multistakeholder Model Governance | Is necessary to complete the project kicked off in Kobe by the year's end. Clearly a topic of interest to the entire community. This session should be included. |
| 5 | Enhance Effectiveness of Specific Review Recommendations and their Implementation | This session is timely, particularly with developments around the Board's actions on the CCT-RT recommendations. This session should be included |
| 6 | Universal Acceptance | There was a good bit of discussion in Kobe and it is an issue that appears to be generating increased interest. With the meeting being held in Marrakech, it is a good opportunity to continue discussions on the UA and IDM-related issues. |
| 7 | DNS over HTTPS (DoH) | Not seen as having broad community interest at this time. Could possibly be a regular session but would REMOVE. |
| 8 | GNSO proposing these topics for one CC session | |
| 8.1 | Rules for Uniform Domain Name Dispute Resolution Policy | |
| 8.2 | Uniform Rapid Suspension system (URS) rules | |
| 8.3 | WHOIS Data Reminder Policy | |
| 8.4 | Transfer Policy | |
| 8.5 | Transfer Dispute Resolution Policy | |
| 8.6 | Across Field Validation | |
| 8.7 | Process for handling RAA Data Retention Waiver Requests | |
| 8.8 | Registration Data Access Protocol (RDAP) | |
| 8.9 | WHOIS Accuracy Reporting System (ARS) | |
| 8.10 | Thick WHOIS Transition policy for .com, .net, .jobs | |

Comments please
Maureen
_______________________________________________
ALAC mailing list
ALAC@atlarge-lists.icann.org
https://atlarge-lists.icann.org/mailman/listinfo/alac
At-Large Online: http://www.atlarge.icann.org
ALAC Working Wiki: https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALAC)
--
Olivier MJ Crépin-Leblond, PhD
http://www.gih.com/ocl.html