Interview: Sara Dickinson.

> Hello Sara, could you introduce yourself to future RMLL attendees who might not know you yet?

I’m Sara Dickinson and I’m a co-founder of Sinodun IT. We are a DNS focussed research and development company based in Oxford, UK. I’ve worked in a number of different industries over the past 18 years as a systems analyst, software developer and project manager. Over the last decade I had been focussed on DNS and DNSSEC and over the last few years I have been increasingly involved with efforts to promote DNS Privacy. Sinodun actively promotes Open Standards and we regularly attend and contribute to IETF, RIPE and OARC. We’ve been directly involved with developing the latest Standards from the IETF DPRIVE (DNS Privacy) working group. More recently I’ve been working to establish the dnsprivacy.org project and I co-chaired the first ISOC DNS Privacy Workshop earlier this year. I’m also an active member of the getdns (https://getdnsapi.net/) development team where I mainly work on Stubby, a privacy enabled stub resolver.

> You are an experienced IT professional both on architecture and development sides. What led you to invest yourself into the DNS development and ecosystem (OpenDNSSEC, GetDNS etc.) and more specifically into their security and privacy aspects?

The DNS is one of the most important infrastructure components of the Internet and often ignored or misunderstood by Internet users (and even by many professionals). Almost every activity on the Internet starts with a DNS lookup (and in fact several). However most non-technical users are completely unaware of DNS (unless it breaks!) and have no real grasp of what it reveals about their internet activity. As a result leakage of personally identifiable information via the DNS is widespread. The protocol is 30 years old but unfortunately authentication and privacy of DNS transactions were not included in the original design.
Evolving the DNS to include security and privacy is far from a trivial task, in part because of the burden of backwards compatibility but also because it is frequently subject to a range of attacks. For example, the DNSOP IETF working group has published 12 new RFCs in the last 18 months alone as new and important work continues in this area.

> The most challenging part of the DNS infrastructure to maintain, improve and change is the last mile, the client part on our terminals (PC, smartphones). According to you, what is the best path to reach a trustable and privacy respectful DNS resolution on our terminals?

There are two parts to the problem. On the client side I would favour operating system developers working more closely with existing DNS implementors to integrate new and evolving DNS software. DNS is, in fact, a very subtle protocol and this type of collaboration is key in my mind to having correctly functioning and reliable software available for end users. The second issue is that we also need to have trust in the DNS service providers we use, or else client software can be compromised in delivering functionality. For example, providers should be enabling DNSSEC capable resolvers and being transparent in their data handling policies.

> You have worked for years inside the IETF. Would you say it is easy to work, collaborate and promote things inside the IETF (on the DNS landscape) or, as often reported by members of W3C groups, would you also complain about the "follow us or not, but we will ship it anyway" way of standardization done by some big vendors?

I think the DNS is less subject to that problem than some other protocols because of the nature of the deployments. It is true, however, that often a handful of personalities can dominate certain working groups and it can be daunting to become involved for the first time. I wish there were better arrangements for including newcomers in the process via mentoring or an introduction scheme.
For DNS the IETF Hackathon has become a very important activity for collaboration between implementors with some significant advances resulting from the work there.

> As an IETF groups member but also an IT expert, what kind of advantages, but maybe also drawbacks, if any, do you see in free software products or in free software development process?

For DNS open software is critical for both robustness and diversity. A few years ago BIND dominated the open source DNS market but now there are a range of proven open source alternatives and it is common practice to use more than one implementation in a deployment. This is a much healthier situation for the industry and it also provides freedom for the development of many experimental features and protocols which might not happen otherwise. Interestingly many open source implementations have moved to copyleft licenses in order to protect their IP as some firms were building appliances around open source implementations. Many questions are being asked about the business model for developing open source DNS software in the future.

> Your talk during the security track of the RMLL will be about Privacy and DNS. What kind of impact do you expect from your talk and more generally from the time you will spend at the RMLL?

My main goal will be to raise awareness in this community of the wide range of issues surrounding DNS Privacy and convey that the landscape is changing to provide solutions in this area. It is, however, only one part of the more general problem of pervasive surveillance so I am hopeful of gaining a better perspective on other related efforts.

> Thank you very much Sara, and see you for your talk at the 2017 RMLL, Wednesday, July 5.