[dns-operations] Call for Papers: NDSS Workshop on DNS Privacy
Stephane Bortzmeyer
bortzmeyer at nic.fr
Wed Dec 14 10:14:31 UTC 2016
Please consider submitting to the NDSS First Workshop on DNS Privacy
(DPRIV17).
The call for papers is here: DPRIV17
<https://www.internetsociety.org/events/ndss-symposium/ndss-symposium-2017/dns-privacy-workshop-2017-call-papers>.
Location and Important dates:
Workshop Location: San Diego, CA, USA
Workshop date: 2017-02-26 (co-located with NDSS 2017)
Submissions: 2017-01-09 anywhere-on-earth
Final date for notifications and invitations to present at the workshop:
2017-02-03
Submissions may be new papers, papers already published, Short Papers, or
Position Papers. Also, please contact the TPC chairs if you want to
suggest a panel.
------------
*Workshop on DNS Privacy DPRIV17 (#NoMoreCowbell)*
Background
DNS Privacy has been a growing concern of the IETF and others in
the Internet engineering community for the last few years. Almost every
activity on the Internet starts with a DNS query (and often several).
- Those queries can reveal not only what websites an individual visits
but also metadata about other services such as the domains of email
contacts or chat services.
- Whilst the data in the DNS is public, individual DNS transactions made
by an end user *should not* be public.
- Today, however, DNS queries are sent in *clear text* (using UDP or TCP)
which means passive eavesdroppers can observe all the DNS lookups
performed.
- The DNS is a globally distributed system that crosses international
boundaries and often uses servers in many different countries in order to
provide resilience.
- It is well known that the NSA used the MORECOWBELL tool to perform
mass surveillance of DNS traffic, and other surveillance techniques
involving DNS almost certainly are in play today.
- Some ISPs embed user information (e.g. a user ID or MAC address)
within DNS queries that go to the ISP’s resolver in order to provide
services such as Parental Filtering. This allows for fingerprinting of
individual users.
- Some CDNs embed user information (e.g. client subnets) in queries from
resolvers to authoritative servers (to geo-locate end users). This allows
for correlation of queries to particular subnets.
- Some ISPs log DNS queries at the resolver and share this information
with third-parties in ways not known or obvious to end users.
The IETF's DPRIVE (*D*NS *PRIV*ate *E*xchange) Working Group has taken
initial protocol steps to address these concerns (with much of the early
work focussing on the stub to resolver problem), publishing DNS Privacy
Considerations (RFC 7626), Specification for DNS over Transport Layer
Security (RFC 7858), The EDNS(0) Padding Option (RFC 7830), and DNS
Query Name Minimisation to Improve Privacy (RFC 7816). However, because of
the great diversity of the DNS ecosystem, and the pervasive role of DNS and
domain names in Internet applications and security, much is not fully
understood or resolved.
The goal of this workshop is to bring together privacy and Internet
researchers with a diversity of backgrounds and views, to identify
promising long-term mitigations of the broad space of DNS privacy risks.