NDSS

Workshop on DNS Privacy: Measuring deployment and effectiveness of encrypted DNS

Background

The landscape around DNS Privacy has changed dramatically in the last few years, with tremendous developments in multiple areas. These include:

  • Many new Internet Standards from the IETF primarily focussed on stub-to-recursive resolution privacy
    • DPRIVE WG
      • DNS-over-TLS (RFC7858)
      • BCP: Recommendations for DNS Privacy Operators (RFC8932)
    • DOH WG – DNS-over-HTTPS (RFC8484)
    • DNSOP WG – QNAME Minimisation (RFC7816)
  • Implementation of the new standards in the vast majority of Open Source DNS software
  • Multiple recursive operators offering encrypted DNS services on both Public Resolvers and major ISP networks
  • All major browsers supporting DoH (with varying policies)
  • Major operating systems are in the process of offering encrypted DNS, e.g. Microsoft’s Windows Native DoH and Apple’s DoH/DoT API
  • Ongoing work in the IETF
    • ADD WG – work in progress on Adaptive DNS Discovery mechanism
    • DPRIVE WG – proposals for
      • How to encrypt recursive to Authoritative resolution
      • How to encrypt zone transfers
      • DNS-over-QUIC
    • Complementary technologies e.g. TLS Encrypted Client Hello (ECH).

However, numerous challenges remain, including:

  • The path to encryption of DNS by default, both for stub to recursive and recursive to authoritative
  • Transparency of operator management of DNS data.
  • Blocking of newer encryption technologies, including DoT and DoH, in certain environments (from local networks to nation state level)
  • User engagement and understanding of “Encrypted DNS”

This workshop will allow participants to contribute to the accelerating progress of DNS privacy technologies and deployment throughout the Internet. We aim to bring together a quorum to discuss these technologies, both established and emerging. One special focus will be the contributions that DNS privacy makes in civil society applications, in conjunction with related and newer technology such as Encrypted Client Hello.

Call for Submissions

We welcome submissions in the form of research papers, short papers, or draft presentations concerning all aspects of the threats, the protocols, and future design spaces of DNS privacy or the privacy of adjacent protocols. Usability, traceability, measurement and analytical evaluations are particularly encouraged. Research papers may also cover the equivalent privacy topics concerning domain name metadata of other infrastructure protocols such as WebPKI, DHCP, DIAMETER, etc. where the authors are willing to discuss the interrelation of these other protocols with DNS in the infrastructure. Submissions should address impacts and effectiveness of DNS Privacy in the context of usable privacy and/or civil society.

Submissions should be sent to: https://dnspriv21.hotcrp.com/

Potential Topics

  • Measurements of DoT and DoH (if previously published, updates on results are welcome)
  • Encrypted Client Hello (ECH): DNS privacy aspects of DNS SVCB and HTTPS
  • DNS Zone Transfer over TLS (XoT)
  • DNS privacy and censorship circumvention
  • Real-world deployments of DNS Privacy technologies
  • DNS privacy operator best practices and experiences
  • Traffic analysis of DNS encryption
  • Privacy versus DNS consolidation
  • Realtime privacy inspectors such as Project Blacklight and DNS privacy
  • Privacy implications of DNS over QUIC
  • Evolving threat model

Submission and Proceedings Details

Submissions will not be anonymous.

Types of submission:

  • Previously published paper – with a 2-page cover letter describing how the presentation will be updated or focused for the workshop. Your paper needs to be available in some freely available format.
  • New full paper – up to 12 pages, not counting well-marked appendices. Appendices are unlimited in length; however, Workshop Technical Program Committee members may base their decisions solely on the contents of the main bodies of submissions.
  • New preliminary or work-in-progress paper – not fewer than 5 pages. If accepted, these will appear in the proceedings with a label of the authors’ choice, to facilitate classifications as preliminary work under the policies of other conference organizations.
  • Slides-only – this must be detailed and in the range of 20-30 pages of PDF slides. The evaluation will be based only on the content of the slides.

We expect to be flexible on length and format given relevant submissions.

We will publish proceedings online as in the past. All material will be linked there a few days ahead of the workshop.

Location and Important Dates

Online, virtual conference.

  • CFP (including confirmed PC member list) – late-November
  • Submissions due – 8 January 2021
  • Acceptances sent out – mid/late January 2021
  • Presentation materials due – 15 February 2021
  • Workshop – 21 February 2021

Technical Program Committee

  • Allison Mankin (Salesforce) – co-chair
  • Sara Dickinson (Sinodun IT) – co-chair
  • Shivan Sahib (Salesforce) – co-chair
  • Amelia Andersdotter (CENTR)
  • Benno Overeinder (NLnet Labs)
  • Gurshabad Grover (Center for Internet and Society)
  • Melinda Shore (Fastly)
  • Nick Feamster (University of Chicago)
  • Philipp Winter (The Tor Project)
  • Sandra Siby (EPFL)
  • Tommy Pauly (Apple)