[dns-operations] Introducing DNSCrypt

Paul Wouters paul at cypherpunks.ca
Tue Dec 6 18:44:47 UTC 2011


On Tue, 6 Dec 2011, Bill Owens wrote:

> I'm having difficulty understanding the value of encrypting one's DNS query stream. It doesn't provide any meaningful privacy improvement, and I can't see what else it would do.

starbuck wifi.

If they did this implementing the djb curve stuff, it would mean non-dns
traffic over port 53. It would also mean no crypto agility or migration
path and eternal trust in djb's personal ECC curve over cryptographers
and patent lawyers. And once you start tunneling it over HTTPS, you're
left to wonder whu the curve stuff to begin with.

+1 for dnssec-trigger/unbound's implementation. Perhaps the format of
"real https" can be drafted up by Wouter?

Paul



More information about the dns-operations mailing list