Specific Issues for Discussion:
The Internet Monitoring Action Project (iMAP) releases annual reports on the state of internet censorship covering 9 countries in Southeast Asia (Burma, Cambodia, Indonesia, Philippines, Malaysia, Thailand, Vietnam), Hong Kong (China) and India using data from OONI (Open Observatory Network Interference). Findings from the report revealed that DNS tampering is the most commonly used method of blocking of websites in the region, whereby ISPs (internet service providers) would redirect the DNS to a blockpage. The findings also revealed that these blockpages are either empty, ‘NXDOMAIN’, or come with a written notice from a government authority about the website being blocked. In most of the cases, the blocking is conducted in a non-transparent manner without notification to either the website owners or users.
From a security and internet engineering point of view, DNS tampering without any errors raised for host queries or visible notification in client interfaces such as web browsers may pose a security or engineering issue to clients and services, as they are redirected unexpectedly to an unknown address or page.
This session is aimed to discuss the potential solutions via extensions or updates to internet and web standards and implementations for DNS hijacking and tampering such as but not limited to:
– [RFC 9364] DNSSEC (Domain Name System Security Extensions): enable authentication process to trusted domain name lookups in the Domain Name System (DNS)
– [RFC 7858] DNS over TLS: ensuring that DNS queries are private and hidden from ISPs
– [RFC 4924] HTTP response code 451 (“ Unavailable For Legal Reasons”): Proposed standard error code to be displayed in the HTTP response when a resource is denied access as a consequence of a legal demand
– Reviewing other relevant Internet and Web Standards to provide users more flexibility and control over their usage of the internet
