Call for round the year submissions for Rootconf in 2019

Submit a proposal at any time in the year on DevOps, infrastructure security, cloud, and distributed systems. We will find you a suitable opportunity to share your work.

Propose a session

Closing the Gap: How ESNI and Encrypted DNS Will Help End Internet Surveillance

Submitted by s li (@sydli) on Tuesday, 9 April 2019

Technical level: Beginner

Abstract

Even with HTTPS rising to more than 70% of page loads worldwide, Internet users are still susceptible to having their browsing swept up by mass surveillance through two channels: their DNS requests and the fact that when they first connect to a server over HTTPS, the domain name they’re visiting is visible in the clear. Two protocols will fix that: DNS over TLS (or DNS over HTTPS), and encrypted Server Name Indication. This talk will explain what these protocols are and why they’re important. Even more importantly, we’ll explain how these protocols are actually being deployed, and why there’s a danger that increasing security may actually lead to more censorship or less privacy, depending on your trust model, through centralization of encrypted DNS services.

Outline

The first half will be an explanation of SNI and DNS leakage of domain name traffic (and why HTTPS isn’t enough), and how this is used for censorship, monitoring, and domain hijacking by nation-state adversaries and ISPs. We’ll talk briefly about how domain fronting worked, too.

Then, I’ll explain ESNI at a deeper technical level, as well as modern DoT and DoH proposals. I’ll also explain where we are today with deployment, and the current outlook.

The final part will be a call-to-action: what can you do to help the adoption and improvement of these protocols, and help us encrypt the entire Internet?

Requirements

Some beginner technical background will be required (i.e. understand the purpose of DNS), but hopefully I’ll do a good job at explaining the rest!

Speaker bio

Sydney is a Staff Technologist at EFF. She primarily works on EFF’s “encrypting the net” initiative to secure all TCP packets. Her current mission is to finally secure email delivery via STARTTLS Everywhere. She also develops the Let’s Encrypt Certbot client, which secures communications with web users via HTTPS. Otherwise, she cares a lot about decentralizing state and corporate power, censorship resistance, puzzles, painting, and noodles.

Comments

Login with Twitter or Google to leave a comment