[dns-operations] Introducing DNSCrypt
Chris Adams
cmadams at hiwaay.net
Tue Dec 6 18:11:58 UTC 2011
Once upon a time, Stephane Bortzmeyer <bortzmeyer at nic.fr> said:
> IPsec is clearly not deployed. There are many reasons for that but one
> of the most important seem to be the difficulty to distribute
> keys. Relying on IPsec to secure DNS is not realistic.
How does this (less-deployed-than-IPsec) DNSCrypt handle key
distribution? I looked at the referenced URL, but saw nothing about how
the endpoints are authenticated. Encryption without verified
authenticity is not much use.
--
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
More information about the dns-operations
mailing list