Now on stage Sara Dickinson, about #DNS #privacy (in english, too). https://dnsprivacy.org/ #RMLL2017

Snowden was nice enough to publish the NSA documents just one month before the publication of #IETF #RFC 6973 "Privacy considerations in Internet protocols". #timing #PR #RMLL2017

The Internet is a leaky boat. Information comes out by many means (DNS, SNI, timing, metadata…) #privacy #RMLL2017

#DNS leaks are exploited (#NSA MoreCowBell program). #privacy #RMLL2017

Many people can see your DNS requests: resolver sysadmin, authoritative sysadmins, and of course the sniffers (and the DNS requests can travel far). #privacy #RMLL2017

Some #DNS extensions (client subnet…) may make things much worse, #privacy-wise. #RMLL2017

To summarize: operators can (and do) see and log your #DNS queries, and one can extract a lot of info from it (reidentification). #privacy #RMLL2017

Solutions against #DNS leakage: #IETF DPRIVE working group, its #RFC 7626 (problem analysis, rebuts the "alleged public nature of DNS data" myth). #privacy #RMLL2017

Several technical solutions were considered at the #IETF. The choice was DNS-over-TLS-over-new-port. #teamPort853 #privacy #TLS Does not solve everything: timing and sizes are still there. #RMLL2017

As my grand-mother used to say, "encrypting is easy, authenticating is difficult". Sara Dickinson now explains the possible choices for DNS-over-TLS auth. Strict or opportunistic? #Mallory #ManInTheMiddle #privacy #RMLL2017