[dns-operations] DNSCrypt.

Frank Denis frank at opendns.com
Fri May 31 18:03:03 UTC 2013


On May 31, 2013, at 8:17 AM, Paul Wouters <paul at cypherpunks.ca> wrote:
> Whoever designs a security protocol with no crypto algility should take
> up another hobby, something nice like gardening or star gazing.

  dnscrypt supports crypto agility, not by negotiating a cipher suite, but by protocol version negotiation.
  The cipher suite it uses has changed twice already.

> On top of that, there is the question of usefulness. You send out an
> encrypted DNS packet for www.secret.com.

  dnscrypt is about authentication, not privacy, and I hope the project description (not the opendns marketing page) makes it clear.

  Just fgrep -c "authentic" vs fgrep -c "encrypt" in the description.
  




More information about the dns-operations mailing list