Home / Blogs

Recalibrating the DoH Debate

Stacie Hoffmann

At the Internet Engineering Task Force (IETF) it is time we accept the wide range of drivers behind (and implications of) standards and for stakeholders to start listening to each other.

A protocol recently released by the IETF, DNS over HTTPS (DoH), is at the centre of an increasingly polarised debate. This is because DoH uses encryption in the name of security and privacy and re-locates DNS resolution to the application layer of the Internet. This will impact cyber security, Internet consolidation, public policy issues, and our expectations of key actors in the Internet ecosystem — creating more problems than it solves at this time.

When many are calling for increased accountability or breaking up of tech monopolies, adopting DoH in browsers and apps is a counterintuitive move. But the fledgling DoH may have some benefits to offer in terms of speed and resiliency, so we shouldn't turn our backs on it yet. What is missing right now is a public discussion of the trade-offs between particular approaches to security (e.g. DNS encryption) with other security measures distributed throughout the Internet's layers (e.g. malware blocking in the network) and the wider effects on society.

In Montreal this week, thousands of engineers are meeting at the IETF to develop Internet protocols and discuss the future of DoH. DoH was originally proposed by Mozilla and promoted as a privacy-protecting upgrade to the current DNS resolution system which runs in clear text.

'DNS' stands for domain name system. The 'system' is a globally coordinated, decentralised network of servers that translate (i.e. resolve) user-friendly domain names (e.g. CircleID.com) to numerical Internet protocol addresses. At a basic level, this enables us to find cat videos on the web. Although decentralised, the market is concentrated. A recent study showed 10 companies resolve 50% of DNS traffic globally — this includes Google and Cloudflare. The other 50% includes local ISPs and other stakeholders.

DoH changes this model, concentrating resolution within the application, instead of the network, layer. To aggravate this debate, Mozilla contracted with Cloudflare, an American content delivery network, to resolve the Firefox browser's DoH queries with problematic policy terms. In General Data Protection Regulation terms, Mozilla and Cloudflare — or any app that adopts DoH — would be data controllers of DNS queries and therefore have access to and a decision over how the data is processed and used.

This is ironic considering DoH is supposed to address what Mozilla sees as the abuse (i.e. monetisation) of DNS data by American ISPs. Yet Mozilla, gets 94% of its funding from 'global browser search partnerships' and uses Google as its default browser. Google accounts for over 90% of the global search market and resolves no less than 13% of DNS queries already. When Mozilla and Google switch on DoH it will result in a fundamental shift in how the Internet is structured, and our expectations of a disperse network of actors.

At the IETF 'privacy' through encryption has become the right du jour since the Snowden revelations. DoH is only one in a long line of IETF standards which adopt encryption and changes the protocols that allow us to communicate over the Internet. Others include the similar DOT, QUIC, and TLS 1.3. We need to step back from the privacy rhetoric and sweeping security claims to refocus the discussion on legitimate uses and trade-offs, and this is why:

First off, encryption is not privacy. And counter to some, I would argue DoH does not inherently protect our rights.

In DoH, encryption is a security tool used to protect data in transit. DoH is not privacy-protecting because it does not address issues or abuses at the point of data collection (where privacy is initially breached) or points like processing and resale (where privacy breaches can lead to further harm). The protocol still offers benefits, particularly to those living under regimes known for oppressing freedoms online — but tools like Tor already exist for this.

Secondly, instead of dispersing a variety of tools at different Internet layers, DoH concentrates security tools and user protections at the application layer — and away from local jurisdiction which may or may not be a benefit. For instance, in the Mozilla model, local ISPs and other DNS resolvers using traffic data to protect us from threats like malware or IP spoofing and block illegal content like child pornography will not be able to apply their tools. Consolidating security in this way could result in a bottleneck or single point of failure. An accident like Cloudflare's outage earlier this month could take down every browser and service using its DoH resolver.

DoH does offer some positive changes, such as potentially faster resolution. One test shows speed is currently linked to geographic location — which could support decentralisation and address part of the security conundrum. But geolocation has implications for user privacy and could make monitoring and blocking Internet traffic easier — a win for oppressive regimes.

Right now, those working on DoH should focus on understanding problem areas and developing specific use cases, particularly those that can benefit from an alternate trust model. For instance, a banking app could communicate directly with its designated DoH resolver and protect against man-in-the-middle attacks. Shifting the conversation starts to address issues like data abuse, consolidation of the Internet's layers and security trade-offs.

For too long the Internet governance community including civil society, academics, some technical experts, and policy makers have been disengaged from Internet standards. In defence of the IETF, it is not, nor should it be, an engineer's job to solve technology's public policy and human rights issues. However, those developing standards should be aware of these issues, and stakeholders holding responsibility need to engage meaningfully in standards development.

What the Internet governance community needs now is a recalibration in relation to DoH and other standards. Understanding (and accepting) the protocol, its benefits and limitations, trade-offs, and new security needs should start the discussion afresh. Otherwise we risk polarising and retrenching the debate and losing out on what DoH may have to offer — or even worse, fundamentally changing the Internet before we understand the implications.

By Stacie Hoffmann, Digital Policy & Cyber Security Consultant at Oxford Information Labs Ltd
Follow CircleID on
SHARE THIS POST

If you are pressed for time ...

... this is for you. More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Vinton Cerf, Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Share your comments

To post comments, please login or create an account.

Related

Topics

Cybersecurity

Sponsored byVerisign

IP Addressing

Sponsored byAvenue4 LLC

New TLDs

Sponsored byAfilias

Whois

Sponsored byWhoisXML API

DNS Security

Sponsored byAfilias

Domain Names

Sponsored byVerisign

Cybercrime

Sponsored byThreat Intelligence Platform