Dear Satish,
DoH is attractive to some organisations because it is the
missing piece of the puzzle that algorithms could use to
learn more about you. Yes, it is a niche technology, but
today the "owners" of the metadata of all of the addresses
that you go to, derived from DNS queries, are actually
distributed. The Root operators know what TLDs you use most.
An ISP that runs the local resolver knows what addresses you
access. In fact, anyone can scan and eavesdrop on your DNS
queries to derive meta-information about your browsing
habits. DoH closes the door to this third party
meta-information gathering, to bring it to a closed group of
players that already have cookies, IP addresses, your log-in
account, email, and any other services which you use on the
cloud with the meta-data of all of your DNS enquiries. It is
one more piece of the puzzle towards tracking you.
In the future it would also be possible to, by the flick of
a switch, switch off the DNS queries and keep solely to the
DoH queries based on a snapshot of the Internet's addresses.
The difference between this and other systems is that
alternative roots required an intervention from the user to
switch to an alternative root, which was a less stable
system than the DNS's 13 roots. Plus, alternative DNSes did
not have that essential element of providing so much data
for a single entity thus there was no commercial drive to go
that way. DoH has all the elements for a perfect storm, from
industry consolidation to generation of more meta-data
in-house, value creation through better tracking and big
players already really interested in implementing it. That's
the threat and that's why it is important.

Kindest regards,
Olivier

On 06/05/2019 15:54, Satish Babu wrote:
I'd be curious to know what makes DoH more
attractive in comparison with the existing DNS service
in order for it to completely displace DNS.
The key question is if DoH will remain a niche
technology (similar to first- and second-generation
DNS substitutes ranging from TOR, FreeNet, and I2P to
the very new Ethereum Name Service, all of which are
likely to remain niche), or if it's likely to scale up
as a direct (and effective) substitute to the generic
DNS, noting that it does avoid several security
pitfalls (including eavesdropping/tracking,
man-in-the-middle etc).
Also, from an Internet Consolidation perspective,
DoH appears to make things even more centralized...not
necessarily a good thing for end-users.
satish

Hello Olivier,
I hear you and am looking forward to more
details on how that relegation of ICANN could
happen in practice.....am sure not against having
DoH on HIT but I hope we will first ensure to give
end-users the technological details of DoH (in a
layman way) before we move on to its political
implications as I certainly don't think DoH
threatens ICANN's root management role as you seem
to suggest; perhaps for now one can say it could
move the direction of a few USDs ;-)
Regards

On Mon, May 6, 2019 at 1:18 PM Olivier MJ Crépin-Leblond <ocl@gih.com> wrote:
Yup -- in DoH think about
a naming system solely run and controlled by the
cloud providers that have signed up for DoH.
That can easily replace the DNS altogether and
relegate ICANN to a glitch in history.
Kindest regards,
Olivier

On 06/05/2019 13:39, Sebastien Bachollet wrote:
DoH is not at all today
a technical question (even if we need to
understand the technology).
It is a huge political issue,
particularly to all Internet users.
SeB
Sent from my iPhone

Hello Maureen,
I assume the text in blue are
your recommendations? If yes then am
fine with the suggestion, if there
is an intention to further reduce
the list, my preference of item that
I think should be retained are 4, 1,
5 in that order before others can
then follow. The DoH may be better
suited for the techday.
Regards

Hi all
I finally found what I was
looking for. This was Keith's
consolidated approach proposed
on April 30 for your
consideration (to minimise the
number of HIT sessions in
Marrakech)

1. Impact of GDPR and EPDP Phase 1 Recommendations on Existing Policies and Procedures.
   Combine 1.1, 1.2 and 1.3 into one session
   1.1 Combatting Abuse with GDPR
   1.2 Privacy-Proxy Implementation
   1.3 Across Field Validation

2. EPDP Phase 2 / Uniform Access Model
   REMOVE these two proposed sessions because EPDP Phase 2 work will only have been under way for 6 weeks by the time we arrive in Marrakech. It may be premature to schedule a HIT/CC session - possibly defer this to ICANN66 in Montreal

3. Sessions that are merely updates can be provided as a pre-meeting webinar.
   3.1 ATRT3
   3.2 SSR-2
   3.3 NomCom Review

4. Future of Multistakeholder Model Governance
   Is necessary to complete the project kicked off in Kobe by the year's end. Clearly a topic of interest to the entire community. This session should be included.

5. Enhance Effectiveness of Specific Review Recommendations and their Implementation
   This session is timely, particularly with developments around the Board's actions on the CCT-RT recommendations. This session should be included

6. Universal Acceptance
   There was a good bit of discussion in Kobe and it is an issue that appears to be generating increased interest. With the meeting being held in Marrakech, it is a good opportunity to continue discussions on the UA and IDM-related issues.

7. DNS over HTTPS (DoH)
   Not seen as having broad community interest at this time. Could possibly be a regular session but would REMOVE.

8. GNSO proposing these topics for one CC session
   8.1 Rules for Uniform Domain Name Dispute Resolution Policy
   8.2 Uniform Rapid Suspension system (URS) rules
   8.3 WHOIS Data Reminder Policy
   8.4 Transfer Policy
   8.5 Transfer Dispute Resolution Policy
   8.6 Across Field Validation
   8.7 Process for handling RAA Data Retention Waiver Requests
   8.8 Registration Data Access Protocol (RDAP)
   8.9 WHOIS Accuracy Reporting System (ARS)
   8.10 Thick WHOIS Transition policy for .com, .net, .jobs

Comments please
Maureen
_______________________________________________
ALAC mailing list
ALAC@atlarge-lists.icann.org
https://atlarge-lists.icann.org/mailman/listinfo/alac
At-Large Online: http://www.atlarge.icann.org
ALAC Working Wiki: https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALAC)
--
Olivier MJ Crépin-Leblond, PhD
http://www.gih.com/ocl.html