[dns-operations] DNSCrypt.
Frank Denis
frank at opendns.com
Fri May 31 18:03:03 UTC 2013
On May 31, 2013, at 8:17 AM, Paul Wouters <paul at cypherpunks.ca> wrote:
> Whoever designs a security protocol with no crypto agility should take
> up another hobby, something nice like gardening or star gazing.
dnscrypt supports crypto agility, not by negotiating a cipher suite, but by protocol version negotiation.
The cipher suite it uses has changed twice already.
> On top of that, there is the question of usefulness. You send out an
> encrypted DNS packet for www.secret.com.
dnscrypt is about authentication, not privacy, and I hope the project description (not the opendns marketing page) makes it clear.
Just fgrep -c "authentic" vs fgrep -c "encrypt" in the description.