Skip to content

Instantly share code, notes, and snippets.

@jpmens jpmens/ Secret
Last active Feb 7, 2019

What would you like to do?
Call for Questions: FOSDEM

On Sunday, February 3rd 2019, at 11:55 there will be a DNS Privacy Panel in room K.4.601 at FOSDEM. During this discussion, three very distinguished members of the Internet community will discuss the changing DNS privacy landscape.

The panel will consist of:

Discussion will include topics such as DNS over HTTP (DoH), DNS over TLS (DoT), and any and all aspects related to DNS Privacy in general.

I, Jan-Piet Mens, have the honour to be moderating the short discussion, and herewith call upon all of you to submit questions you may have relevant on the topic at hand to our illustrous guests!

You can submit these questions in a multitude of ways:

  • as a comment to this post
  • per tweet or DM to @jpmens
  • per IRC: I am jpmens on OFTC and on Freenode
  • per email to

I will, as a matter of course, handle your questions anonymously.

Thank you for participating, and we are greatly looking forward to your questions.

(It is my understanding that the above panel discussion will be recorded, and I will update this message as soon as the recording has been made available.)


This comment has been minimized.

Copy link

commented Jan 17, 2019

  1. I'll get to substance in a second but first: why four white men for this panel? There are some great DNS Privacy people that would have made for a more diverse and inclusive panel. E.g., adding Sarah Dickinson would be a fantastic idea (she may have already told you she's busy! apologies if so.)

  2. Can the panelists talk about the differing perspectives up through the network stack with respect to DOH/DOT? That is, apps clearly seem to like the idea of not having to trust unauthenticated nonconfidential DNS provided by the OS/ISP and instead would like to chose themselves what DNS to use. On the contrary, ISPs that use DNS traffic for malware characterization and enterprise split-horizon DNS and even the always-vexing captive portal problem all seem to need a bit more nuance and prefer LAN-provided DNS.

  3. Software like browsers seem to want to have a list of DOH providers that they can shuffle queries across in order to minimize the raw quantity of queries any given DOH service sees from a given user. Right now the big DOH services all have very very different privacy policies and terms of service making such a list impossible as you'd be comparing apples to oranges (e.g., one second you are talking to CF's which a very strong privacy policy and the next minute you are talking to Google's which has a much less strong privacy policy). How should application developers decide which kind of DOH service to build into their offerings? (My own organization, CDT, is going to start an effort in a few months to try and bring DOH providers together to set some baseline "rules of the road" for these kinds of services and we'd love to work with others thinking about the "wild west" of DOH.)

  4. Android recently shipped a change that will upgrade local DNS connections to DOT connections if the local DNS resolver supports DOT. Do we see other efforts in the future to do this kind of opportunistic upgrade by operating systems? Is this in general ok compared to the other DOH complications that we know of?


This comment has been minimized.

Copy link

commented Feb 2, 2019

  1. she may have already told you she's busy!

Yes - I did ask her, she couldn't make it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.