October 2020 - Domains | Encryption

DNS over HTTPS: Agreeing to Almost Agree

Achieving consensus means all sides have to feel equal amounts of pain, admits Thomas Rickert from the eco Association.

DoH: Agreeing to Almost Agree

© wildpixel | istockphoto.com

dotmagazine: Thomas, you were recently involved in putting together the eco Association Discussion Paper on DoH. Why have you called it a discussion paper? 

Thomas Rickert: When we started the conversation about DoH with members of our membership and beyond, we were pretty open to finding out what our members' thoughts were, so there was the chance that this could actually become a position paper. Ideally, we would have produced a position paper where our membership can take a position and clearly say yes or no, can provide their join opinion on the given topic or service.

However, DoH is quite a controversial and multifaceted topic, and there are a lot of different views out there. I think this is an area where there is no binary position possible or desirable. I mean, the technology is out there. It's being deployed. So there's no way to put the toothpaste back into the tube. But we want to make sure that those who are considering deploying DoH, as well as the wider interested user-base, know about the pros and cons and can inform themselves effectively.

As a result, we felt that we would do our membership and the wider community a better service by not trying to drive our group to consensus – as you would, for example, in policy making in groups. Instead, we thought it would be good to bring together all the pros and cons regarding technical, legal, operational, and security aspects, and give the reader the opportunity to form their own opinion based on the information that we provide.

dot: What do you personally see as the most important recommendation for the implementation and deployment of DoH? 

Rickert: I think the most important recommendation in the paper mirrors the most frequently-heard and most vocal criticism of DoH, which was – and possibly still is – that DoH can lead to a monopoly or an oligopoly of data points. Many folks don't like the idea of the Internet – which is meant to be decentralized – becoming dependent upon individual actors or certain infrastructure. Therefore, the most important recommendation that emerged out of our work, I guess, is that all the ISPs – which is a huge part of eco’s membership – should consider setting up their own DoH resolvers, that they should consider deploying DoH, and that they should recommend to their users to set up auto-config, so that there's a good chance that we will see a greater diversity of infrastructure being used in the marketplace. That primary concern is actually addressed by offering the users with real choices.

dot: You mentioned that in the paper you took the approach that you weren't trying to badger eco’s diverse membership into consensus. But how important is consensus for topics like DoH? 

Rickert: I think consensus is not a bad thing, in many places. But when it comes to digital infrastructure, as long as there is interoperability, you can still have different services working in parallel. So I think that consensus is desirable, but not inevitable in this case.

dot: When it comes to highly polarizing Internet industry topics, what tends to be the driver or the motivating factor behind the opposing sides? Are there patterns to the positions of the different disputing parties? 

Rickert: I'm not sure that I'm able to identify patterns on the spot, but I think in this case that one driver might be laziness – that you just want things to remain as they are. Another point might be the uncertainty of the unknown, meaning that you'd better not change a running system. A further aspect might be that you are afraid of certain actors – be it a commercial or a not-for-profit – getting too big a piece of a certain segment of the market. So there is the fear of monopolies or the fear of oligopolies.

And also, I guess that a lot of folks think that DoH is only part of the solution, but that it's not everything that's required to ensure greater security and greater privacy in dealing with DNS queries. Maybe some people have been waiting for a better solution, or would have preferred a package of solutions to be offered which could provide a more holistic response to the challenges that we're seeing. So I guess these aspects might be present here in the diversity of views that we've seen on DoH.

However, while these attitudes have emerged in this discussion, they cannot be generalized to all controversies. It pretty much depends on the subject matter at hand. There are other topics where the reasons for taking such positions are more political, or where they are more financial or business-driven, so that folks are motivated to take such positions and hold their corners.

dot: You have done a lot of work on achieving consensus, for example, at ICANN. How do you go about seeking consensus on a polarizing topic?  

Rickert: Well, unfortunately – or fortunately, depending on the perspective that you take – I was involved in a couple of quite contentious and controversial topics in the ICANN policy making world. And I think there is a pattern that we see in almost all – if not all – policy development projects: That we have a diverse group of people representing pretty diverse views in many cases, and although you as the chair – or the shepherd, if you wish – of such a group may anticipate what the ultimate outcome of the discussion might be - or you already have an idea at the outset of how far the compromise can go - it's still important for each and every member of the group to get enough space to let off steam if it is required, to have their positions heard, and make sure that their positions are on record. After everyone has had the opportunity to speak up and inform the others about their positions, then you can start working on finding common ground.

From my experience, although it’s possible start with bigger chunks in terms of the work product crystallizing out of the given topic and do tests of which of these work products enjoy broad support within the group, you may well have trouble succeeding with this procedure. The tactic that I would be trying in this case is to cut the topic into smaller chunks – small enough that everyone can agree on them – and then try to build on that. That's a long process. It's longer than many who are looking at the ICANN community would sometimes hope for, and it makes a lot of folks smile to see how long it takes ICANN to come up with policies. But the consensus positions that ultimately form typically have a pretty robust foundation, because you have actually discussed it from all sides and have considered all sorts of aspects and viewpoints.

What is also important to note is that the part of the ICANN world where I am at home is the GNSO, the Generic Names Supporting Organization. This group takes the definition of consensus as being rough consensus, which means that you don't need unanimity, and it is sufficient to have almost every group subscribing to their positions. The Governmental Advisory Committee (GAC), for example, needs unanimity for adopting certain positions, as does the ITU. But with the GNSO you can get away with rough consensus, and that is a benefit. And then, if you come up with a result that makes everybody equally unhappy, that's a good indicator of a good compromise! 

dot: So compromise should be painful, should it? 

Rickert: It has to be. If one side of the table comes out laughing and the other side of the table crying, that's not good in the long run. Maybe you can have that in the business world, but those deals typically don't last forever, because one party feels like they've been ripped off. If everybody has to sacrifice a little bit of their wishes and if they have to accept things they don't like too much in return, that's typically a good indicator for a good, sustainable consensus.


Thomas Rickert, Attorney-at-law and owner of Rickert Rechtsanwaltsgesellschaft mbH, Bonn, Germany (rickert.net) chairs eco’s Names & Numbers Forum. He is one of three co-chairs of the CCWG-Accountability.