[00:00:00] Join us at The Hedge for a conversation about engineering, technology, and business. In this episode, Geoff Huston, Russ White, and Tom Ammon dig into the first part of their discussion of DNS over HTTPS.

[00:00:24] Good evening, Geoff. I think it's morning for you in Australia because you're upside down.

[00:00:30] It is morning. I'm on my head, but the sun is out. Yes.

[00:00:34] What you see above, Geoff, which you can't really see, is actually the floor. Just don't tell anybody that.

[00:00:43] Tom, how are you tonight?

[00:00:45] I'm doing fine.

[00:00:47] Good. Good. So on this episode of The Hedge, we're here to talk about DoH. If you say it real fast 10 times, you'll understand what it means. DoH. DNS over HTTPS. And Geoff wrote an article in the Internet Protocol Journal, which was really, really good. And by the way, if you don't read the Internet Protocol Journal, you should. It's an occasional. I don't know that Ole does; I'm not sure how consistently Ole publishes it.
But when it does come out, it generally has very good articles in it, like this one by Geoff. It's well worth reading. So, Geoff, talk to us about DoH a little bit. Tell us what it is, and then we can back into trying to understand some of the architectural issues and stuff that's going on there.

[00:01:33] Okay. You know, thanks, Russ, and good morning, you and John. Look, it's one of those really simple acronyms. It's DNS over HTTPS. Now you kinda go, it's really DoHS. DoHS, I suppose, if you stress the S. But these days, HTTP is so yesterday. None of us are allowed to use it. So, you know, as soon as you say HTTP, you mean HTTPS.

[00:02:04] That sounds innocuous, and to some extent, it is. You might recall various little tools and techniques to get past firewalls going back almost twenty years, where we actually managed to get IP itself stuffed into HTTPS. What's that? IPH, I suppose, is the way you'd like to call it.
And doing the DNS in HTTPS is certainly nothing new. And to that extent, it's sort of, so what? But it became an RFC really quickly, about a year ago, 2018. And the IETF meeting in March 2019 had a session to talk about DoH. You know, I think we need to talk about DoH, and the room was certainly packed. And the conversation was highly tensioned. There's a lot of feeling about DoH.

[00:03:05] And so it's, what's the problem we're trying to solve? I know one problem is people complain about middle boxes messing around with DNS, and another problem people are fussing about is man-in-the-middle attacks against DNS. Right? Those are kind of, those are my impression of where the problem people...

[00:03:22] Well, we have to go back to the, I think for the IETF, the Snowden leaks and those allegations were a defining moment for the IETF.
I'm like, they'd had their moments before, when they were asked to standardize various eavesdropping protocols. And, you know, some of the really old gray beards might remember the CALEA fuss. That was whether the IETF was gonna work on standardizing tapping protocols in the media gateway controllers.

[00:03:51] And it goes back further even, to Raven?

[00:03:54] Yeah. All of those old debates. So up comes Snowden. And what emerges, of course, is this huge amount of state surveillance, in amongst and trying to find some oxygen from all the commercial surveillance that happens anyway. But some of the reactions to this was a long, hard look at the IETF standard protocols with the view of saying, if you were a reasonably resourced observer and you had access to wires, to routers, whatever, you had access to infrastructure, how much could you see with not a lot of effort? And, of course, the results are quite surprising.
If you're using unencrypted HTTP, there's a huge amount that is sitting there. But equally, if you're using the standard DNS, which is open, unencrypted, runs on UDP port 53, then you can see all the queries and all the answers. You kinda go, well, boring. Not boring. Almost everything that you and I do starts as a name, even the ads. And your machine translates the DNS label, or part of that name, into an IP address and then goes, well, okay. Make a connection. Off we go. Let's do fun stuff. So if I had an up-to-the-second record of all of your queries as you make them, I know what you're doing. I know who you are. I think I can put you into a profile. I think I understand you. And if I work just a tiny bit harder, I think I know what you're gonna do next.
Now that's kinda chilling in so many ways, because all you're doing is just playing on your computer, yet the sort of data exhaust, the fumes that come out of your digital wire, are astonishingly rich in information. And so the move was on at that point to harden up our protocols, and one of the places we wanted to harden up was the DNS itself. So the sort of uber, the overall project was called DNS privacy, and there are a number of approaches that have been made to try and improve the DNS to make it not impossible, certainly not impossible to look at, but to make it harder. There's no absolutes in this world, but if it costs you a large sum of money to see what I'm doing, you won't do it casually. You might still do it, but it won't be a casual decision. If it's gonna cost you a lot of money to find out what I'm doing, you're gonna figure out whether you wanna do it or not. And that's kinda where this work started.
So the first thing was, well, what can we do about the DNS? Well, it's an awfully chatty protocol, but it chats in the clear. So can we kind of make it chat down an encrypted wire? And the answer, surprisingly, or maybe not so surprisingly, is sort of, you know, yeah, we can. And this started the entire issue of DNS over something other than open UDP.

[00:07:09] Now, right at the word go, the DNS actually had two transport protocols, TCP and UDP. We used UDP because it was fast, efficient, lightning quick, just the thing you need for the DNS. Oddly enough, it's also really easy for a third party to manipulate, alter, fake, and generally make a menace of themselves, because it's UDP. I send out a query to a supposed IP address. I get back an answer from a supposed IP address. Is the machine that is faking the answer the machine I sent the query to? I don't know.
Is this a real answer? I don't know. Should I trust it? Well, everyone does, all of the time.

[00:07:59] Well, doesn't DNSSEC solve that problem, though, that particular problem?

[00:08:03] Look. If everyone signed, if we're in the room of DNSSEC, I would say that's a whole lot better than the room we're in now, but no one signs their domains with DNSSEC. So an awful lot of focus sitting there with the magnifying glass going, if you sign it, I can check it. But if no one signs, so what?

[00:08:22] Well, and beyond that, even, I think even going to that point, even if everybody did sign, you still could do man-in-the-middle attacks, from what I understand.

[00:08:30] Well, okay, this is one of these, but you could... But this is one of these age-old tensions between security and speed.

[00:08:39] Right.

[00:08:40] Over in browser land, they talk about the billion-dollar millisecond.
And at one point, you know, one of the browser folk had even toyed with the concept of putting the DNS right inside the browser because it would just shave off milliseconds. They do all kinds of weird and wacko tricks. If you want to validate your DNS responses, you better bring a packed lunch and possibly a few supplies, because your web experience is about to get an awful lot slower. And no one's willing to go there.

[00:09:15] Right.

[00:09:15] So, you know, you might say, well, let's all use DNSSEC. But in a world where one second is regarded as an eternity, you know, just no one's gonna do it. So, okay, we need something different. We need something a bit better. We need something that's fast and certainly no slower than the DNS as we understand it, but doesn't kind of broadcast what you're doing to your neighbors, your ISP, and various other folk who have an interest in seeing what you're doing. And the approach started, I suppose, innocuously, like all things.
You have to break down the DNS into two parts of a conversation. There's me and you out at the end. And pretty typically, when we turn on our machines, our infrastructure, normally the Internet service provider, says, hi. Here's an address for you to use. Here's, you know, how to get started. By the way, I've rigged up some DNS resolvers, what we call recursive resolvers. Load those IP addresses into your machine, and whenever you have a query, just ask us, and we'll give you the answer. And so that first hop is called the stub, me, the stub resolver, the endpoint, to the first piece of DNS machinery that's doing the hard work, the recursive resolver. Most ISPs run recursive resolvers, and there are a few other big companies out there. Google springs to mind. Cisco bought OpenDNS. There's Quad9. There's Cloudflare. There's a bunch of these folks that also run open recursive resolvers.
If you just do nothing, you're probably gonna run with the resolver that your ISP gave you. If you make an effort, you can go and use someone else's. Now the next step, recursive to the folk who really know the answer, the authoritatives, is not part of what we're talking about. So I ask the recursive. The recursive asks the authoritatives. Let's just ignore that second part of the puzzle. It has its problems, but let's not talk about it today. Let's talk about the bit that matters, the bit where you know it's me, where Geoff is making queries, and it's pretty obviously Geoff. And what we're trying to do is to stop other folk from looking at Geoff making these queries. So what we'd like to do is encrypt the session between my machine and that recursive resolver over there.

[00:11:46] Now, we spent a lot of time making sure that the web was secure using a thing called transport level security, TLS.

[00:11:55] Yep.
It started off as a secure socket layer and then sort of morphed by name, but it's actually the same old stuff. And the way it works, of course, is when I open up a secure session, I first start in the clear and say, hi, Russ. Good to see you. I wanna connect to russ.net. And you go, okay. Here's a key for russ.net, and here's my certificate. And I go, well, fascinating. Why should I trust this random digital stuff? But luckily, I've got inside my machine about 1,500 trust points. And if I can make a secure chain of signing from one of my local trust points to the digital key that you've offered me, I believe that certificate, and I believe it's you, and I'm now talking to russ.net. You kinda go, well, so what? What about my Internet banking? You know? I'd like to know I'm talking to the right person. Offer me a certificate. But that's not all.
Because at that point then, the two of us do a very rapid exchange and create a session key, and then all further communication is encrypted using that session key. The beauty of the session key is even if you know the public key of russ.net, it won't help you. And even if you know my public key, it won't help you. To actually break into that session, you need to have knowledge of private keys. And by definition, if you know my private key, you're me. So TLS, as far as we understand, and with some caveats, TLS is a pretty good protocol. It better be, because there's nothing else in the cupboard.

[00:13:49] Yeah. I was gonna say that's pretty much all you got. Right. It's kind of, what's security on the Internet? TLS. Yeah. Well, what if TLS doesn't work?

[00:13:58] Jeez. You shouldn't have asked that question because, hey, no answer. Right? That's it. That's, you have to live with it.
So we wanted to encrypt the session between the stub and the recursive, and so you reach into the toolbox and you go, TLS. Now, TLS is a TCP protocol, not UDP, because this security association takes a little bit of handshaking, and there's kind of a shared crypto state. And while some folks spend a lot of time and a lot of effort trying to make UDP TLS work, DTLS, Datagram TLS, the results have been largely paperwork. As someone once described about the old ancient OSI protocols as vaporware about paperware, or was it the other way around? Paperware about paperware. DTLS is largely the same kind of, you know... Looks fine on paper, and that's all you get. So, okay, we're down in TCP land. Now this DNS over TLS excited some reaction, and one of the first of these was the DNS will melt, because there are literally trillions of these tiny transactions every single day.
And if all of the servers had to run TLS, all the recursives, instead of UDP, obviously, they'd all die and go to silicon heaven. That's an odd statement to make, because we use the web like crazy. And there are just as many short web sessions, probably, as there are DNS queries and answers.

[00:15:38] I was gonna say, they probably were not paying attention to the work done around ILMP, for instance.

[00:15:44] Right. So we know how to make massive TLS work.

[00:15:50] Right. Right? Because the web is living proof that trillions of sessions a day...

[00:15:53] Right.

[00:15:54] ...and not work. Very fast DNS to work at the same time. Yeah.

[00:15:58] Okay. So DNS over TLS looks pretty good, and it kind of does a couple of things which are not bad at all. I know who I am talking to. If I say I'm going to Cloudflare, if I'm, say, the Quad9, I get back a certificate. And so my friendly local spook agency cannot fake it out unless they've been playing with my machine.
Unless they've done the Kazakhstan thing and inserted a fake certificate on my machine, I can't be fooled. Now, okay, once they've faked it, you're dead, fine, we all know that. But on the assumption my machine is roughly as, you know, I configured it, and I have trust points that I am prepared to trust, then I'm talking to whom I want to talk to, and no one else can see it while I'm talking to it. So that traffic is a secret between me and my chosen recursive resolver. This sounds great. No one cared. And, again, this is kind of moving towards DoH. Why did no one care? They're geek knobs. So there are, what, four and a half billion users out there. Roughly, how many are gonna configure DNS over TLS into their machines?

[00:17:15] I've got 10 figures on my hand. Okay. I'll go 10.

[00:17:20] Yeah. That's because, honestly, I don't. I don't know. You know what? It's hard, and it doesn't quite work.
And so it largely remained a paper exercise going, we could do this. Aren't we clever? But as a tool for the masses, nah. It was never gonna happen. So everyone just yawned. Now the move from DNS over TLS to DNS over HTTPS, in protocol terms, is about one millimeter to the left. You know, if you think about it, it's still TLS. I still know who I'm talking to. It's still encrypted. And inside DNS over HTTPS, the packets are actually wire format DNS, which is the same as HTTPS. So nothing's changed. You go, well, what's the fuss about? Okay. Next issue. If all you're doing is playing with the operating system and changing the way your operating system talks to the recursive resolver, so what? But the folk who really took this up were the folk who deal in HTTPS, otherwise known as the browser people. Now the browser people have a number of motivations.
And in some ways, they're very worthy motivations, but they have their own motivations. They don't trust the platform. If you're Firefox, you're my customer. You're Firefox's customer. You're me, and I don't really care what the underlying Android or Apple or anything else is doing. I, Firefox, am here to protect you. So I want control. I want to make your browsing experience one that I control. I don't wanna leak. I don't wanna gratuitously send out information, and I wanna be fast. I want control. So you've offered me a way to do DNS over HTTPS, and I am an HTTPS engine. Well, marriage made in heaven. Let me do your DNS for you.

[00:19:33] So then why not just stick the resolver in the browser itself?

[00:19:35] That's what we're talking about. So that's what the whole angst is all about. The resolver gets stuck in the browser. Now the browser has a knowledge of the DNS that no other application on your platform has.
531 00:19:51,825 --> 00:19:53,664 So your browser might know, I'm going to 532 00:19:53,664 --> 00:19:55,904 rust.net. Here's its IP address. Blah blah blah. 533 00:19:55,904 --> 00:19:56,730 I've done a web fetch. 534 00:19:57,289 --> 00:19:59,130 But if you bring up a terminal window 535 00:19:59,130 --> 00:20:01,150 and go SSH rust.net, 536 00:20:01,529 --> 00:20:02,910 the operating system goes, 537 00:20:05,049 --> 00:20:06,990 because it's not a common pool anymore. 538 00:20:08,650 --> 00:20:09,869 Right? So the application 539 00:20:10,845 --> 00:20:12,865 is now making its own choices. 540 00:20:14,444 --> 00:20:14,944 Now 541 00:20:15,244 --> 00:20:17,484 which resolver are you gonna go to? Because 542 00:20:17,484 --> 00:20:20,605 you're running HTTPS, and like the web, you 543 00:20:20,605 --> 00:20:21,744 can go anywhere. 544 00:20:22,444 --> 00:20:25,005 And so the ISP says, hi. Here's some 545 00:20:25,005 --> 00:20:25,984 friendly resolvers. 546 00:20:26,819 --> 00:20:28,279 Now you could be in China. 547 00:20:28,579 --> 00:20:29,799 You could be in Kazakhstan. 548 00:20:30,500 --> 00:20:31,960 You could be in many places 549 00:20:32,259 --> 00:20:34,980 that offer some kind of DNS censorship for 550 00:20:34,980 --> 00:20:35,480 free. 551 00:20:36,740 --> 00:20:38,980 Even the UK and Australia, it's just part 552 00:20:38,980 --> 00:20:39,494 of the service. 553 00:20:41,494 --> 00:20:42,875 We care. It's free. 554 00:20:43,174 --> 00:20:44,474 But if I'm a browser 555 00:20:45,255 --> 00:20:47,194 and I tunnel across to 556 00:20:48,055 --> 00:20:49,994 a DNS provider that says, 557 00:20:50,295 --> 00:20:52,775 I will translate anything that's in the DNS. 558 00:20:52,775 --> 00:20:54,315 I'm not going to censor you. 559 00:20:55,919 --> 00:20:58,500 I'm making an independent decision as a browser. 560 00:21:00,079 --> 00:21:01,919 Again, though, let's look at this a little 561 00:21:01,919 --> 00:21:04,819 bit more. 
If the browser is doing it, 562 00:21:05,200 --> 00:21:07,140 then it's no longer a nerd knob. 563 00:21:08,000 --> 00:21:09,059 So let's say, 564 00:21:09,440 --> 00:21:10,500 just for one 565 00:21:11,065 --> 00:21:11,565 microsecond, 566 00:21:12,345 --> 00:21:14,265 that Chrome decides to do it. And let 567 00:21:14,265 --> 00:21:16,424 me point out they have not decided to 568 00:21:16,424 --> 00:21:17,404 do anything yet. 569 00:21:18,184 --> 00:21:19,644 But if they did, 570 00:21:20,424 --> 00:21:21,384 78% 571 00:21:21,384 --> 00:21:23,005 of the world will then do it 572 00:21:23,559 --> 00:21:25,259 because that's its market share. 573 00:21:25,559 --> 00:21:28,519 So if Chrome decided to take all of 574 00:21:28,519 --> 00:21:29,259 its DNS 575 00:21:30,680 --> 00:21:33,660 and quietly direct it to a trusted recursive 576 00:21:33,720 --> 00:21:34,220 resolver 577 00:21:34,599 --> 00:21:36,059 that Chrome has chosen, 578 00:21:37,320 --> 00:21:39,285 no one else would see it because it's 579 00:21:39,285 --> 00:21:39,785 encrypted. 580 00:21:40,565 --> 00:21:42,565 No one else could argue with it because 581 00:21:42,565 --> 00:21:44,644 Chrome did it, and it would be hard 582 00:21:44,644 --> 00:21:46,904 to undo it because it's a nerd knob. 583 00:21:47,605 --> 00:21:48,965 And it would break all this and it 584 00:21:48,965 --> 00:21:50,744 would break all the CDNs. Right? 585 00:21:51,329 --> 00:21:53,349 Well, break a whole bunch of stuff. 586 00:21:53,890 --> 00:21:56,690 Not the least national policies, but CDNs, VPN, 587 00:21:56,690 --> 00:21:58,529 you name it. A whole bunch of 588 00:21:58,529 --> 00:22:00,369 things would get broken that kind of assume 589 00:22:00,369 --> 00:22:02,150 the DNS works one way. 
590 00:22:02,529 --> 00:22:04,069 And these guys are tunneling 591 00:22:04,605 --> 00:22:06,224 from the application itself 592 00:22:07,164 --> 00:22:08,704 across to some other point, 593 00:22:09,164 --> 00:22:10,065 a point that 594 00:22:10,365 --> 00:22:12,785 the user, the platform, and the intermediaries 595 00:22:13,164 --> 00:22:14,304 have no say in. 596 00:22:14,765 --> 00:22:16,224 It's the browser's choice. 597 00:22:17,509 --> 00:22:19,669 Now on the browser side, they kind of 598 00:22:19,669 --> 00:22:20,649 argue, look. 599 00:22:21,269 --> 00:22:23,429 You got caught with your fingers in 600 00:22:23,429 --> 00:22:25,750 the till. You got caught looking. You got 601 00:22:25,750 --> 00:22:26,970 caught abusing us. 602 00:22:27,589 --> 00:22:29,589 We don't think you're worthy of the user's 603 00:22:29,589 --> 00:22:30,409 trust anymore. 604 00:22:30,784 --> 00:22:32,784 We, the browser folk, whose interests are you, 605 00:22:32,784 --> 00:22:33,524 the consumer, 606 00:22:33,904 --> 00:22:36,304 think you deserve better than this. So we're 607 00:22:36,304 --> 00:22:38,625 gonna take the decision away from you and 608 00:22:38,625 --> 00:22:40,865 basically put you in a different room where 609 00:22:40,865 --> 00:22:42,404 your DNS doesn't leak. 610 00:22:43,490 --> 00:22:45,090 So this is the kind of the pros 611 00:22:45,090 --> 00:22:47,430 and cons of the argument flying around here. 612 00:22:47,809 --> 00:22:50,130 Some folk kinda go, well, we're used 613 00:22:50,130 --> 00:22:50,950 to the DNS 614 00:22:51,650 --> 00:22:52,150 being 615 00:22:52,610 --> 00:22:54,230 an open piece of infrastructure. 
616 00:22:54,930 --> 00:22:57,009 And whether you're a CDN provider or a 617 00:22:57,009 --> 00:22:58,070 VPN provider, 618 00:22:58,865 --> 00:23:00,565 whether you're a platform provider, 619 00:23:00,865 --> 00:23:03,105 like Android or Apple with their 620 00:23:03,105 --> 00:23:05,744 Mac OSes and iPhone, if that's your stock 621 00:23:05,744 --> 00:23:07,045 in trade, then 622 00:23:07,345 --> 00:23:08,404 you do the DNS. 623 00:23:08,865 --> 00:23:10,785 And if you're an ISP, you do the 624 00:23:10,785 --> 00:23:11,285 DNS. 625 00:23:12,029 --> 00:23:14,350 But the browser folk are kinda going, with 626 00:23:14,350 --> 00:23:15,730 DNS over HTTPS, 627 00:23:17,230 --> 00:23:19,490 I don't necessarily have to play your game, 628 00:23:20,109 --> 00:23:21,809 and I can use defaults 629 00:23:22,190 --> 00:23:23,410 inside my application 630 00:23:24,109 --> 00:23:25,410 that lift the application 631 00:23:25,950 --> 00:23:27,090 away from you 632 00:23:27,474 --> 00:23:29,014 and take it out of your control. 633 00:23:30,034 --> 00:23:30,534 Right. 634 00:23:31,474 --> 00:23:33,794 And at that point, you know, we light 635 00:23:33,794 --> 00:23:34,534 the firecrackers. 636 00:23:35,234 --> 00:23:37,875 We take a step back and watch the 637 00:23:37,875 --> 00:23:39,254 light show. Yes. 638 00:23:39,599 --> 00:23:41,359 Well, right. And it becomes, I 639 00:23:41,359 --> 00:23:43,519 mean, there's just so much about this that 640 00:23:43,519 --> 00:23:44,019 is 641 00:23:44,640 --> 00:23:47,920 potentially troubling. Right? There's so much about this 642 00:23:47,920 --> 00:23:50,640 that could go wrong. Not 643 00:23:50,640 --> 00:23:53,539 that it necessarily will, but it could. 644 00:23:54,034 --> 00:23:56,914 Well, let's talk about this, and let's 645 00:23:56,914 --> 00:23:59,095 actually go there because, you know, why not? 
646 00:24:00,515 --> 00:24:01,654 There is no doubt 647 00:24:02,034 --> 00:24:05,174 that the underlying certificate system that the DNS 648 00:24:05,234 --> 00:24:06,454 uses as its 649 00:24:06,914 --> 00:24:08,454 trusted rock of security 650 00:24:09,940 --> 00:24:11,559 is pretty corrupt and pretty horrible. 651 00:24:14,820 --> 00:24:16,360 We all wish that were otherwise, 652 00:24:16,820 --> 00:24:17,320 but 653 00:24:18,019 --> 00:24:18,840 folk who 654 00:24:19,299 --> 00:24:20,039 get listed 655 00:24:20,340 --> 00:24:22,039 inside software as a trusted 656 00:24:22,900 --> 00:24:24,200 issuer of certificates 657 00:24:25,045 --> 00:24:27,865 are sometimes corrupted by, you know, mere money 658 00:24:28,325 --> 00:24:30,424 and do things that they should not do. 659 00:24:31,045 --> 00:24:33,365 And the problem is you can't tell a 660 00:24:33,365 --> 00:24:35,684 bad certificate from a good certificate. They're all 661 00:24:35,684 --> 00:24:36,345 just certificates. 662 00:24:37,450 --> 00:24:37,950 Symantec, 663 00:24:38,650 --> 00:24:40,509 which is now no longer in existence, 664 00:24:41,609 --> 00:24:43,150 got caught certifying 665 00:24:43,769 --> 00:24:47,070 the domain name that doesn't exist, example.com. 666 00:24:48,009 --> 00:24:48,509 Now 667 00:24:48,890 --> 00:24:51,150 if I tell you I'm a certificate authority 668 00:24:51,289 --> 00:24:53,070 and I hardly ever lie, 669 00:24:53,984 --> 00:24:55,424 and I'm not gonna tell you which ones 670 00:24:55,424 --> 00:24:56,404 I'm lying about, 671 00:24:58,464 --> 00:25:00,865 you can't trust anything I do because I 672 00:25:00,865 --> 00:25:03,125 could be lying for just you. You know? 673 00:25:03,505 --> 00:25:05,744 And this is the problem that kind of 674 00:25:05,744 --> 00:25:06,244 besets 675 00:25:06,670 --> 00:25:07,890 the certificate world. 676 00:25:08,589 --> 00:25:10,910 There have been numerous approaches to try and 677 00:25:10,910 --> 00:25:11,890 clean this up. 
678 00:25:12,269 --> 00:25:14,269 And do you know the best answer we 679 00:25:14,269 --> 00:25:14,769 have? 680 00:25:16,349 --> 00:25:18,849 It's an old one, actually. It's called certificate 681 00:25:18,910 --> 00:25:19,410 transparency. 682 00:25:20,914 --> 00:25:22,375 The best answer we have 683 00:25:22,835 --> 00:25:25,095 is that a trusted certificate provider 684 00:25:25,634 --> 00:25:27,414 has to publish in the open 685 00:25:28,035 --> 00:25:29,575 every certificate it issues. 686 00:25:30,755 --> 00:25:32,914 So the only thing that keeps the CA 687 00:25:32,914 --> 00:25:34,054 system from going 688 00:25:34,429 --> 00:25:35,809 completely off the rails 689 00:25:36,670 --> 00:25:37,329 is openness. 690 00:25:38,829 --> 00:25:39,329 Now 691 00:25:39,950 --> 00:25:41,250 I can still be bad, 692 00:25:41,789 --> 00:25:44,029 and I've got about, I don't know, ten 693 00:25:44,029 --> 00:25:45,890 minutes before you'll notice. 694 00:25:47,309 --> 00:25:49,294 And it's not a very good defense. 695 00:25:49,835 --> 00:25:52,315 But after about ten minutes, someone might see 696 00:25:52,315 --> 00:25:55,194 this logged fake certificate and go, that's bad, 697 00:25:55,194 --> 00:25:56,815 and we'll go and fix it up. 698 00:25:57,434 --> 00:26:00,154 But the point is, well, the only thing 699 00:26:00,154 --> 00:26:03,214 that's keeping all this stuff together is openness. 700 00:26:04,420 --> 00:26:05,480 Now the DNS 701 00:26:05,779 --> 00:26:07,160 was an open protocol. 702 00:26:07,859 --> 00:26:10,359 You could see it. Anyone could see it. 703 00:26:10,420 --> 00:26:12,500 And that was both its strength and its 704 00:26:12,500 --> 00:26:13,000 weakness. 705 00:26:13,700 --> 00:26:14,599 Because if 706 00:26:15,059 --> 00:26:18,039 I started to stand up a recursive resolver 707 00:26:18,180 --> 00:26:19,080 that lied, 708 00:26:20,225 --> 00:26:21,285 literally lied. 709 00:26:22,065 --> 00:26:23,924 You wanna go to facebook.com? 
710 00:26:23,984 --> 00:26:26,725 Try, oh, 1.1.1.1. 711 00:26:26,945 --> 00:26:27,845 That's a lie. 712 00:26:28,305 --> 00:26:28,805 Well, 713 00:26:29,424 --> 00:26:31,265 I can see it's a lie because it's 714 00:26:31,265 --> 00:26:31,765 open. 715 00:26:32,690 --> 00:26:35,250 But what if your browser does it through 716 00:26:35,250 --> 00:26:36,390 an encrypted channel 717 00:26:36,769 --> 00:26:38,369 and the other end of the channel lies 718 00:26:38,369 --> 00:26:40,069 back? No one can see it. 719 00:26:41,329 --> 00:26:41,829 So 720 00:26:42,130 --> 00:26:44,549 one of the things we lose with DoH 721 00:26:45,125 --> 00:26:47,545 is actually the openness of the namespace. 722 00:26:48,644 --> 00:26:49,144 Now 723 00:26:50,005 --> 00:26:52,325 we talked a little bit about CDNs and 724 00:26:52,325 --> 00:26:54,184 VPNs and customized spaces. 725 00:26:55,125 --> 00:26:56,025 But what if 726 00:26:56,884 --> 00:26:58,345 I set up a trusted 727 00:26:58,920 --> 00:26:59,900 DoH server 728 00:27:00,519 --> 00:27:01,420 that deliberately 729 00:27:02,279 --> 00:27:05,420 creates a so-called fake namespace that 730 00:27:06,119 --> 00:27:07,740 is tuned against your application? 731 00:27:09,160 --> 00:27:10,059 Good or bad? 732 00:27:11,174 --> 00:27:13,595 It's kind of taking the split DNS model 733 00:27:14,054 --> 00:27:16,394 and making the split not obvious. 734 00:27:38,477 --> 00:27:40,317 Join us in the next episode of The 735 00:27:40,317 --> 00:27:42,977 Hedge as we continue our discussion of DNS 736 00:27:43,037 --> 00:27:45,377 over HTTPS with Jeff Houston.