[ALAC] The consolidated approach proposed by Keith Drazek

Olawale Bakare wales.baky at gmail.com
Mon May 6 18:39:52 UTC 2019


Dear All,

I can understand the cloud aspect - due to the architectural landscape of
the software-defined networking (SDN), the private entities like the cloud
infrastructure providers would try to sell or offer their clients DoH/DoT
as option-based solutions; whether to choose 1) encrypted or 2) unencrypted
traffic to the internal or external HTTPS endpoints.

That said, the big players might come out to say to the governments that,
with DoH/DoT there is a guarantee of a better percentage of end-to-end
information assurance over the mechanism offered by DNSSEC.

Regards,
Wale



On Mon, May 6, 2019 at 7:04 PM Olivier MJ Crépin-Leblond <ocl at gih.com>
wrote:

> Dear Satish,
>
> you've hit the nail right on the head. This is likely to turn into another
> round of private sector vs. government.
> The trouble is that one of the ways that this could be accepted by these
> governments is by having these companies act as the censor. History is
> showing us that the Private sector is happy to oblige under certain
> conditions.
> Kindest regards,
>
> Olivier
>
> On 06/05/2019 18:04, Satish Babu wrote:
>
> Thanks very much, Olivier and Andrei, for the technical details.
>
> A follow-up comment: Many regulators and Governments are not likely to be
> happy with DoH/DoT, as these will undermine DNS-based site blocking that
> many Governments currently use. I wonder how they will respond, and if this
> is likely to impede scaling of these technologies (or if they can legally
> block these).
>
> satish
>
> On Mon, May 6, 2019 at 9:17 PM Olivier MJ Crépin-Leblond <ocl at gih.com>
> wrote:
>
>> Dear Satish,
>>
>> DoH is attractive to some organisations because it is the missing piece
>> of the puzzle that algorithms could use to learn more about you. Yes, it is
>> a niche technology, but today the "owners" of the metadata of all of the
>> addresses that you go to, derived from DNS queries, are actually
>> distributed. The Root operators know what TLDs you use most. An ISP that
>> runs the local resolver knows what addresses you access. In fact, anyone
>> can scan and eavesdrop on your DNS queries to derive meta-information about
>> your browsing habits. DoH closes the door to this third party
>> meta-information gathering, to bring it to a closed group of players that
>> already have cookies, IP addresses, your log-in account, email, and any
>> other services which you use on the cloud with the meta-data of all of your
>> DNS enquiries. It is one more piece of the puzzle towards tracking you.
>> In the future it would also be possible to, by the flick of a switch,
>> switch off the DNS queries and keep solely to the DoH queries based on a
>> snapshot of the Internet's addresses.
>> The difference between this and other systems is that alternative roots
>> required an intervention from the user to switch to an alternative root,
>> which was a less stable system than the DNS's 13 roots. Plus, alternative
>> DNSes did not have that essential element of providing so much data for a
>> single entity thus there was no commercial drive to go that way. DoH has
>> all the elements for a perfect storm, from industry consolidation to
>> generation of more meta-data in-house, value creation through better
>> tracking and big players already really interested in implementing it.
>> That's the threat and that's why it is important.
>> Kindest regards,
>>
>> Olivier
>>
>> On 06/05/2019 15:54, Satish Babu wrote:
>>
>> I'd be curious to know what makes DoH more attractive in comparison with
>> the existing DNS service in order for it to completely displace DNS.
>>
>> The key question is if DoH will remain a niche technology (similar to
>> first- and second-generation DNS substitutes ranging from TOR, FreeNet, and
>> I2P to the very new Ethereum Name Service, all of which are likely to
>> remain niche), or if it's likely to scale up as a direct (and effective)
>> substitute to the generic DNS, noting that it does avoid several security
>> pitfalls (including eavesdropping/tracking, man-in-the-middle etc).
>>
>> Also, from an Internet Consolidation perspective, DoH appears to make
>> things even more centralized...not necessarily a good thing for end-users.
>>
>> satish
>>
>> On Mon, May 6, 2019 at 6:51 PM Seun Ojedeji <seun.ojedeji at gmail.com>
>> wrote:
>>
>>> Hello Olivier,
>>>
>>> I hear you and am looking forward to more details on how that relegation
>>> of ICANN could happen in practice.....am sure not against having DoH on HIT
>>> but I hope we will first ensure to give end-users the technological details
>>> of DoH (in a layman way) before we move on to its political implications as
>>> I certainly don't think DoH threatens ICANN's root management role as you
>>> seem to suggest; perhaps for now one can say it could move the direction of
>>> a few USDs ;-)
>>>
>>> Regards
>>>
>>> On Mon, May 6, 2019 at 1:18 PM Olivier MJ Crépin-Leblond <ocl at gih.com>
>>> wrote:
>>>
>>>> Yup -- in DoH think about a naming system solely run and controlled by
>>>> the cloud providers that have signed up for DoH. That can easily replace
>>>> the DNS altogether and relegate ICANN to a glitch in history.
>>>> Kindest regards,
>>>>
>>>> Olivier
>>>>
>>>> On 06/05/2019 13:39, Sebastien Bachollet wrote:
>>>>
>>>> DoH is not at all today a technical question (even if we need to
>>>> understand the technology).
>>>> It is a huge political issue particularly to all Internet users.
>>>> SeB
>>>>
>>>> Sent from my iPhone
>>>>
>>>> On 6 May 2019 at 13:13, Seun Ojedeji <seun.ojedeji at gmail.com> wrote:
>>>>
>>>> Hello Maureen,
>>>>
>>>> I assume the text in blue are your recommendations? If yes, then I am fine
>>>> with the suggestion, if there is an intention to further reduce the list,
>>>> my preference of item that I think should be retained are 4, 1, 5 in that
>>>> order before others can then follow. The DoH may be better suited for the
>>>> techday.
>>>>
>>>> Regards
>>>>
>>>> On Sun, May 5, 2019 at 4:34 AM Maureen Hilyard <
>>>> maureen.hilyard at gmail.com> wrote:
>>>>
>>>>> Hi all
>>>>>
>>>>> I finally found what I was looking for. This was Keith's consolidated
>>>>> approach proposed on April 30 for your consideration (to minimise the number
>>>>> of HIT sessions in Marrakech)
>>>>>
>>>>> 1  Impact of GDPR and EPDP Phase 1 Recommendations on Existing
>>>>> Policies and Procedures.
>>>>>
>>>>> Combine 1.1, 1.2 and 1.3 into one session
>>>>>
>>>>> 1.1 Combatting Abuse with GDPR
>>>>>
>>>>> 1.2 Privacy-Proxy Implementation
>>>>>
>>>>> 1.3 Across Field Validation
>>>>>
>>>>>
>>>>> 2 EPDP Phase 2 / Uniform Access Model
>>>>>
>>>>> REMOVE these two proposed sessions because EPDP Phase 2 work will
>>>>> only have been under way for 6 weeks by the time we arrive in Marrakech. It
>>>>> may be premature to schedule a HIT/CC session - possibly defer this to
>>>>> ICANN66 in Montreal
>>>>>
>>>>> 3 Sessions that are merely updates can be provided as a pre-meeting
>>>>> webinar.
>>>>>
>>>>> 3.1 ATRT3
>>>>>
>>>>> 3.2 SSR-2
>>>>>
>>>>> 3.3 NomCom Review
>>>>>
>>>>>
>>>>> 4 Future of Multistakeholder Model Governance
>>>>>
>>>>> Is necessary to complete the project kicked off in Kobe by the year's
>>>>> end. Clearly a topic of interest to the entire community. This
>>>>> session should be included.
>>>>>
>>>>>
>>>>> 5 Enhance Effectiveness of Specific Review Recommendations and their
>>>>> Implementation
>>>>>
>>>>> This session is timely, particularly with developments around the
>>>>> Board's actions on the CCT-RT recommendations. This session should
>>>>> be included
>>>>>
>>>>>
>>>>> 6 Universal Acceptance
>>>>>
>>>>> There was a good bit of discussion in Kobe and it is an issue that
>>>>> appears to be generating increased interest. With the meeting being held in
>>>>> Marrakech, it is a good opportunity to continue discussions on the UA
>>>>> and IDM-related issues.
>>>>>
>>>>>
>>>>> 7 DNS over HTTPS (DoH)
>>>>>
>>>>> Not seen as having broad community interest at this time. Could
>>>>> possibly be a regular session but would REMOVE.
>>>>>
>>>>>
>>>>> 8 GNSO proposing these topics for one CC session
>>>>>
>>>>> 8.1 Rules for Uniform Domain Name Dispute Resolution Policy
>>>>>
>>>>> 8.2 Uniform Rapid Suspension system (URS) rules
>>>>>
>>>>> 8.3 WHOIS Data Reminder Policy
>>>>>
>>>>> 8.4 Transfer Policy
>>>>>
>>>>> 8.5 Transfer Dispute Resolution Policy
>>>>>
>>>>> 8.6 Across Field Validation
>>>>>
>>>>> 8.7 Process for handling RAA Data Retention Waiver Requests
>>>>>
>>>>> 8.8 Registration Data Access Protocol (RDAP)
>>>>>
>>>>> 8.9 WHOIS Accuracy Reporting System (ARS)
>>>>>
>>>>> 8.10 Thick WHOIS Transition policy for .com, .net, .jobs
>>>>>
>>>>> Comments please
>>>>> Maureen
>>>>> _______________________________________________
>>>>> ALAC mailing list
>>>>> ALAC at atlarge-lists.icann.org
>>>>> https://atlarge-lists.icann.org/mailman/listinfo/alac
>>>>>
>>>>> At-Large Online: http://www.atlarge.icann.org
>>>>> ALAC Working Wiki:
>>>>> https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALAC)
>>>>
>>>>
>>>>
>>>> --
>>>> Seun Ojedeji, Federal University Oye-Ekiti
>>>> web: http://www.fuoye.edu.ng
>>>> Mobile: +2348035233535
>>>> alt email: seun.ojedeji at fuoye.edu.ng
>>>>
>>>> Bringing another down does not take you up - think about your action!
>>>>
>>>> --
>>>> Olivier MJ Crépin-Leblond, PhD http://www.gih.com/ocl.html
>>>>
>>>>
>>>