Rootconf is HasGeek’s annual conference – and now a growing community – around DevOps, systems engineering, DevSecOps, security and cloud. The annual Rootconf conference takes place in May each year, with the exception of 2019 when the conference will be held in June.
Besides the annual conference, we also run meetups, one-off public lectures, debates and open houses on DevOps, systems engineering, distributed systems, legacy infrastructure, and topics related to Rootconf.
This is the place to submit proposals for your work, and get them peer reviewed by practitioners from the community.
Topics for submission:
We seek proposals – for short and long talks, as well as workshops and tutorials – on the following topics:
- Case studies of shift from batch processing to stream processing
- Real-life examples of service discovery
- Case studies on move from monolith to service-oriented architecture
- Network security
- Monitoring, logging and alerting – running small-scale and large-scale systems
- Cloud architecture – implementations and lessons learned
- Optimizing infrastructure
- Immutable infrastructure
- Aligning people and teams with infrastructure at scale
- Security for infrastructure
If you have questions/queries, write to us on firstname.lastname@example.org
Closing the Gap: How ESNI and Encrypted DNS Will Help End Internet Surveillance
Even with HTTPS rising to more than 70% of page loads worldwide, Internet users are still susceptible to having their browsing swept up by mass surveillance through two channels: their DNS requests and the fact that when they first connect to a server over HTTPS, the domain name they’re visiting is visible in the clear. Two protocols will fix that: DNS over TLS (or DNS over HTTPS), and encrypted Server Name Indication. This talk will explain what these protocols are and why they’re important. Even more importantly, we’ll explain how these protocols are actually being deployed, and why there’s a danger that increasing security may actually lead to more censorship or less privacy, depending on your trust model, through centralization of encrypted DNS services.
The first half will be an explanation of SNI and DNS leakage of domain name traffic (and why HTTPS isn’t enough), and how this is used for censorship, monitoring, and domain hijacking by nation-state adversaries and ISPs. We’ll talk briefly about how domain fronting worked, too.
Then, I’ll explain ESNI at a deeper technical level, as well as modern DoT and DoH proposals. I’ll also explain where we are today with deployment, and the current outlook.
The final part will be a call-to-action: what can you do to help the adoption and improvement of these protocols, and help us encrypt the entire Internet?
Some beginner technical background will be required (i.e. understand the purpose of DNS), but hopefully I’ll do a good job at explaining the rest!
Sydney is a Staff Technologist at EFF. She primarily works on EFF’s “encrypting the net” initiative to secure all TCP packets. Her current mission is to finally secure email delivery via STARTTLS Everywhere. She also develops the Let’s Encrypt Certbot client, which secures communications with web users via HTTPS. Otherwise, she cares a lot about decentralizing state and corporate power, censorship resistance, puzzles, painting, and noodles.