The Internet Engineering Task Force (IETF), around since the late 60s and the engineering standards board for the enchilada, has a fix for preserving ‘net neutrality.’ The working group convened last May and expects to release the standard in early 2018.
The fix is called DOH, for DNS over HTTPS, any and all credit to Homer Simpson warranted (the acronyms standing for Domain Name Servers and Hypertext Transfer Protocol Secure).
In simple terms, the fix is to make the background skeleton infrastructure unreadable by anyone who isn’t supposed to read it: domain name lookups are resolved over an encrypted connection, so queries, whether user-initiated or programmatic, can’t be read or tampered with by internet service providers (ISPs) or anyone else, because the keys are private.
The 40-year-old system we now know runs on hypertext transfer protocol, HTTP; the proposed solution simply lets that method run over the encrypted protocol, HTTPS, where it is for the most part unreadable by anyone else.
Everything we do on the internet is routed and established with domain names and their infrastructure. www.dailykos.com is a domain name; you type it in and it automagically resolves to the correct place, from anywhere in the world, via a network of domain name servers, hitting the root if needed but often resolving at a lower level. This proposal prevents common intrusion into that skeleton architecture, which is the basis of the stupid anti-net neutrality ‘rules’ voted on yesterday.
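To make the mechanism concrete, here is an added Python example (not code from this diary, from the IETF drafts, or from any resolver project) that builds a DNS query in its wire format, shows what an on-path observer can read straight out of the plaintext packet, and then wraps the same bytes in the GET form of DNS over HTTPS, where only an encrypted HTTPS connection would be visible. The resolver URL doh.example.net is a placeholder, the response is a constructed sample, and the base64url GET encoding follows the IETF draft that became RFC 8484, which this diary predates.

```python
import base64
import struct
from urllib.parse import urlsplit, parse_qs

# Placeholder DoH endpoint (assumption): any server exposing the standard path would do.
DOH_ENDPOINT = "https://doh.example.net/dns-query"


def encode_name(name: str) -> bytes:
    """Encode a hostname as DNS labels: length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("label length must be 1..63")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, qtype: int = 1, txid: int = 0) -> bytes:
    """Minimal DNS query: 12-byte header plus one question (type A, class IN by default).
    The DoH draft recommends transaction id 0 so identical queries are cacheable."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: recursion desired
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def decode_name(msg: bytes, offset: int):
    """Decode a possibly compressed name at offset; returns (name, offset after the name)."""
    labels, jumped, end = [], False, offset
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier copy of the name
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        offset += 1
        if length == 0:
            if not jumped:
                end = offset
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), end


def question_name(msg: bytes) -> str:
    """What a passive observer learns from a plaintext UDP/53 packet: the name being looked up."""
    return decode_name(msg, 12)[0]


def doh_get_url(endpoint: str, query: bytes) -> str:
    """DoH GET form: the wire message, base64url-encoded with padding stripped, in the 'dns' parameter.
    On the wire this whole URL sits inside TLS, so the ISP sees only a connection to the resolver."""
    encoded = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{endpoint}?dns={encoded}"


def doh_query_from_url(url: str) -> bytes:
    """Resolver side: recover the wire-format query from the URL, restoring base64 padding."""
    token = parse_qs(urlsplit(url).query)["dns"][0]
    return base64.urlsafe_b64decode(token + "=" * (-len(token) % 4))


def parse_a_records(response: bytes):
    """Walk a DNS response and collect IPv4 answers (type A)."""
    qdcount, ancount = struct.unpack("!HH", response[4:8])
    offset = 12
    for _ in range(qdcount):
        _, offset = decode_name(response, offset)
        offset += 4  # skip qtype and qclass
    addrs = []
    for _ in range(ancount):
        _, offset = decode_name(response, offset)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", response[offset:offset + 10])
        offset += 10
        rdata = response[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in rdata))
    return addrs


def build_constructed_response(query: bytes, addr: str, ttl: int = 300) -> bytes:
    """Constructed sample answer for the query (not from any real resolver)."""
    header = query[:2] + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0)  # response, RD, RA
    question = query[12:]
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + bytes(int(x) for x in addr.split("."))
    return header + question + answer


if __name__ == "__main__":
    q = build_query("www.dailykos.com")
    print("plaintext DNS exposes:", question_name(q))
    url = doh_get_url(DOH_ENDPOINT, q)
    print("DoH GET request:", url)
    resp = build_constructed_response(q, "192.0.2.10")  # 192.0.2.0/24 is documentation space
    print("answer:", parse_a_records(resp))
```

Run it as-is and the first line shows the queried name recovered from the raw packet, which is exactly the leak the diary is talking about; the DoH request carries the identical bytes, but because they ride inside HTTPS the name is only visible to the resolver you chose.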
In this case the metaphor of a tree works: there we are, users, out on the end of a limb, and we walk back to the trunk. Safety in numbers. Sometimes we have to walk to the root; sometimes all we need is to hug a branch. The internet was invented as an open architecture, and I trust it will remain so, open insofar as any server can join the domain structure, and that keeps us alive. It seems counterintuitive to talk about private keys then, but this is the antidote to throttled commercial channels, the real gremlin.
“The Internet Engineering Task Force has taken the first steps towards a better way of protecting users' DNS queries and incidentally made a useful contribution to making neutrality part of the net's infrastructure instead of the plaything of ISPs. …
DOH's encryption (via HTTPS) hides the traffic from the provider, on a port the ISP can't block. ...
That's where DOH reaches into the ‘net neutrality’ debate. For example, if a network provider is using DNS to identify sources it wants to discriminate against, it will be defeated by the encryption. …
In other words, DNS is leaky, and that leakiness adds to the vast data-hoard of pervasive monitoring (which, you will recall, the Internet Architecture Board considers an attack).
“If you make a choice of resolver, you can limit that – you've disassociated the DNS from your network provider,” McManus said.
Because that's in HTTPS instead of a DNS client, the ISP can't influence the choice.
“You can choose your level of privacy guarantee,” he said, which creates “a market place” for privacy.”
The above is quoted over 3 paragraphs from a source not often used here, so while each paragraph is a sentence, maybe it won’t disqualify for fair use; besides, I can’t have said it better.
Since development and rollout always take time, earliest next year, the legal challenges need to proceed, and they are at their heart correct; this is just engineers doing what they do.
The IETF working papers are here: datatracker.ietf.org/…
I’m at a loss for tags, additions welcome.
Disclaimer: I’m a fan of the IETF and sometimes actually read their stuff.
Thanks to Kossack CanyonWren for encouraging me to diary this, to attempt to do so in plainspeak, and thanks to the IETF for the thousands of standards making this possible.