A Wider Shade of DoH (denog11)

Chaos Computer Club - archive feed · Peter Koch

November 12, 2019 · 35m 59s

Show Notes

We will look into the topic of encrypted DNS, the mesh of interests, concentration on the Internet, dramatic power shifts and long-term architectural and policy consequences.

DoH (DNS over HTTPS) had been a joke amongst engineers - cynically admitting that "everything" is going to be "tunneled thru" HTTP anyway - long before standardization efforts were launched in the Internet Engineering Task Force (IETF). Consequently, the specification is lean and straightforward, but the idea faced significant pushback from the operations and security communities.

In parallel, the DNS community in the IETF has been developing two more DNS encryption standards to address "pervasive monitoring". One of the two, DNS over TLS (DoT), is gaining attention and support, but the big question arising is whether the concept of an "operating system" can survive the ever-growing prevalence of "apps", and whether name resolution is a function that should be controlled by the device owner, the enterprise network manager or the app vendor.

At the same time, DoH accelerates the concentration in the DNS resolver market - a "market" that had only recently emerged and appears to transform a highly distributed technical function into an oligopoly with, in the longer term, significant influence over the shape of the DNS namespace. It's time to differentiate between the technology, the policy and the economics, and to stop barking up the wrong tree(s) when it comes to assessing the bigger-picture effects of "DoH" as proposed by the browser industry.

About this event: https://pretalx.denog.de/denog11/talk/CYNLWC/
