The presentation discusses the evolution of middleware and its impact on privacy in the context of DNS encryption.
- HTTP shifted to an encrypted model with HTTPS, making it difficult for anyone to intercept or manipulate data passing through the HTTP connection to the web server.
- Reverse proxies and cloud computing made the destination IP address less useful as a piece of information.
- TLS handshake used to establish HTTPS connections sends the host name in the clear using SNI, which is a problem as it shares data that is not easily inferable from any other place in the HTTP connection.
- DoH (DNS over HTTPS) and DoT (DNS over TLS) are new protocols that encrypt DNS queries, but their adoption could lead to the consolidation and aggregation of DNS resolution into a few large players, which could itself be problematic for privacy.
- TLS 1.3, which is replacing TLS 1.2 and its predecessors, encrypts more of the connection than earlier versions, making the HTTPS connection opaque to middleware.
In the early days of the internet, the fact that someone knew the host name was not a particularly egregious oversharing of information because there was a close to one-to-one mapping between IP addresses and hosts. However, with the rise of reverse proxies and cloud computing, the IP address became less useful as a piece of information. Today, the TLS handshake used to establish HTTPS connections sends the host name in the clear using SNI, which is a problem as it shares data that is not easily inferable from any other place in the HTTP connection.
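To make the SNI point concrete, here is an added example (not code from the presentation) that builds a minimal TLS ClientHello and then parses it the way an on-path middlebox would, pulling the host name straight out of the unencrypted server_name extension. The ClientHello bytes, the cipher suite list and the client random are all constructed inline, and the builder populates only the fields the parser needs; nothing touches the network. Note that the ClientHello, and therefore the SNI extension, is still sent in the clear in TLS 1.3, which is why the host name leaks even when everything after the handshake is encrypted.

```python
"""Build a TLS ClientHello with an SNI extension and extract the host name
from it, as a middlebox on the path would.  Added example; all bytes are
constructed here, none come from a real capture."""
import struct
from typing import Optional

TLS_HANDSHAKE = 0x16      # record content type: handshake
CLIENT_HELLO = 0x01       # handshake message type
EXT_SERVER_NAME = 0x0000  # server_name extension (RFC 6066)
EXT_SUPPORTED_VERSIONS = 0x002B
SNI_HOST_NAME = 0x00      # NameType host_name


def build_client_hello(host: Optional[str], client_random: bytes = b"\x11" * 32) -> bytes:
    """Return a TLS record carrying a ClientHello.  If host is None the
    server_name extension is omitted, as some legacy clients do."""
    extensions = b""
    if host is not None:
        name = host.encode("idna")  # real clients send the A-label form
        # ServerNameList: list_len(2) | name_type(1) | name_len(2) | name
        sni_list = struct.pack("!HBH", 3 + len(name), SNI_HOST_NAME, len(name)) + name
        extensions += struct.pack("!HH", EXT_SERVER_NAME, len(sni_list)) + sni_list
    # Constructed supported_versions extension (TLS 1.3, TLS 1.2) so the
    # parser has to step over an unrelated extension correctly.
    versions = b"\x04\x03\x04\x03\x03"
    extensions += struct.pack("!HH", EXT_SUPPORTED_VERSIONS, len(versions)) + versions

    body = struct.pack("!H", 0x0303) + client_random        # legacy_version, random
    body += b"\x00"                                          # empty legacy_session_id
    suites = struct.pack("!HH", 0x1301, 0x1302)              # AES-GCM suites (constructed list)
    body += struct.pack("!H", len(suites)) + suites
    body += b"\x01\x00"                                      # one compression method: null
    body += struct.pack("!H", len(extensions)) + extensions

    handshake = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", TLS_HANDSHAKE, 0x0301, len(handshake)) + handshake


def extract_sni(record: bytes) -> Optional[str]:
    """Return the host name from the server_name extension of a ClientHello
    record, or None if the extension is absent.  Raises ValueError when the
    bytes are not a well-formed ClientHello record."""
    if len(record) < 5 or record[0] != TLS_HANDSHAKE:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != CLIENT_HELLO:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) != hs_len or hs_len < 2 + 32 + 1:
        raise ValueError("truncated ClientHello")

    pos = 2 + 32                                   # skip legacy_version + random
    pos += 1 + body[pos]                           # legacy_session_id
    if pos + 2 > len(body):
        raise ValueError("truncated cipher_suites")
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]   # cipher_suites
    if pos + 1 > len(body):
        raise ValueError("truncated compression_methods")
    pos += 1 + body[pos]                           # compression_methods
    if pos + 2 > len(body):
        return None                                # no extensions block at all
    ext_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    end = pos + ext_len
    if end > len(body):
        raise ValueError("extensions overrun ClientHello")

    while pos + 4 <= end:
        ext_type, ext_size = struct.unpack("!HH", body[pos:pos + 4])
        pos += 4
        ext_data = body[pos:pos + ext_size]
        pos += ext_size
        if ext_type != EXT_SERVER_NAME or len(ext_data) < 2:
            continue
        list_len = struct.unpack("!H", ext_data[:2])[0]
        q = 2
        while q + 3 <= 2 + list_len and q + 3 <= len(ext_data):
            name_type = ext_data[q]
            name_len = struct.unpack("!H", ext_data[q + 1:q + 3])[0]
            q += 3
            name = ext_data[q:q + name_len]
            q += name_len
            if name_type == SNI_HOST_NAME:
                return name.decode("idna")
    return None


if __name__ == "__main__":
    record = build_client_hello("www.example.com")
    print("ClientHello bytes on the wire:", record.hex())
    print("host name visible to any middlebox:", extract_sni(record))
```

The parser never needs a key or a certificate: it walks the record layer, the handshake header and the fixed-position ClientHello fields, then scans the extension list for type 0x0000. That is exactly the observation point a filtering proxy or a passive monitor uses, and it is why the talk treats cleartext SNI as the remaining leak once the HTTP layer and the DNS lookup are both encrypted.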