Hello, Montréal! First "real" start of

Today, I stay at ANRW (many interesting research talks) and dnsop (the working group of everything DNS-related).

First, advice for academics who want to bring work to the : "Internet-Drafts need to be watered and fed" (don't assume it is a fire-and-forget process).

Now, research talks. First, the talks. (Reminder: QUIC is a layer-4 protocol, a competitor of good old TCP.)

Fabio Bulgarella starts with performance measurements, using two of the three reserved bits (the contentious bits that QUIC exposes to the lower layers), especially the "delay bit". This addresses the limits of the QUIC "spin bit".

Measurements done with the Mininet simulator

Now, revisiting the performance comparisons of HTTP-over-QUIC vs. HTTP-over-TLS-over-TCP. Were they fair?

Not really, especially when you compare commercial Web sites, with all their dependencies. As always with performance measurements, this is complicated.

But QUIC is still faster, even with a fairer comparison.

interception: who is answering my queries?

Internet access providers, governments, antivirus software and of course malware intercept DNS requests and send false replies.

How to measure its prevalence? Check at the auth. server if there is a request and where it comes from. Careful: interception policy may depend on many things (qtype, TLD in the qname, DNS resolver, etc.).

7 % of ASes do it world-wide (17 % in China). So, it is common. Funnily, very often, responses are NOT tampered with.

Solutions: validation on the client, encrypted DNS

Oblivious DNS, a protocol for protecting privacy on the

Existing privacy techniques do not protect against the resolver. The resolver still sees everything.

Solution: encrypted DNS-over-DNS tunnel between the client and the Oblivious DNS server (which pretends to be auth. but is actually the real resolver). It will see the query but not the user, and the default resolver will see the user but not the query.

Implemented in Go. Good performance.

Performance of ( over HTTPS) and (DNS over TLS). Does it have consequences on user experience?

DoH (and DoT) can be, in some cases, *faster* than traditional DNS, thanks to the use of TCP.

"What time is it?" or the nightmare of timezones on the Internet.

(The skip day at Samoa:

348 records in the TimeZone Database. Sometimes, changes are announced at the last moment (Turkey, 2015, because of elections) and need to be propagated rapidly.

The speaker (Sathiya Kumaran) analyzed the entire history of the database, 26 years!

And of the mailing list: huge increase in the number of contributors.

No surprise, changes in Daylight Saving Time are correlated to external political events (WW1, WW2, the 1973 oil embargo, the Energy Policy Act in the US).

Also, 19 % of the changes are corrections to previous changes, which were incomplete or wrong.

Recommendation: more formalization of the process, with safeguards against malicious updates. (There never was one malicious change.)

DNSOP (everything ) meeting at . The draft about the .alt TLD (for name resolution not using the DNS, to avoid protocols requesting a TLD) is not dead but not alive either.

@bortzmeyer The Necronomicon mentioned this draft: "That is not dead which can eternally lie...".

that sounds weird. I will look it up if recording is available.