[dns-operations] Introducing DNSCrypt
Paul Vixie
paul at redbarn.org
Tue Dec 6 17:31:26 UTC 2011
On 12/6/2011 5:10 PM, Stephane Bortzmeyer wrote:
> On Tue, Dec 06, 2011 at 07:17:21AM -0800,
> David Ulevitch <david at opendns.com> wrote
> a message of 79 lines which said:
>
>> The goal of DNSCrypt is to provide encryption of all DNS traffic
>> between stubs and resolvers, a growing and often overlooked problem
>> that has bugged us for some time. TSIG was one consideration,
> And SIG(0) aka RFC 2931? I certainly understand why TSIG was not
> possible (shared secret with hundreds of thousands of users) but
> SIG(0)?

+1, noting that SIG(0) is only authentication not encryption (but would
form a good basis for encryption.)

see also the extraordinarily illuminating discussion that started with
this 2008 namedroppers post:

http://www.ietf.org/mail-archive/web/dnsext/current/msg01963.html