[dns-operations] Introducing DNSCrypt

Bill Owens owens at nysernet.org
Tue Dec 6 17:57:48 UTC 2011


On Tue, Dec 06, 2011 at 05:31:26PM +0000, Paul Vixie wrote:
> On 12/6/2011 5:10 PM, Stephane Bortzmeyer wrote:
> > And SIG(0) aka RFC 2931? I certainly understand why TSIG was not
> > possible (shared secret with hundreds of thousands of users) but
> > SIG(0)?
> 
> +1, noting that SIG(0) is only authentication not encryption (but would
> form a good basis for encryption.)

I'm having difficulty understanding the value of encrypting one's DNS query stream. It doesn't provide any meaningful privacy improvement, and I can't see what else it would do. 

I think that I understand the specific motivations for OpenDNS to deploy their current project; I don't think those motivations are generally applicable, since they depend on the particular business model used by OpenDNS. And I don't see any benefit to encryption in their use case, either. Am I missing something?
 
Bill.


