[dns-operations] IP address encryption: pseudonymization

bert hubert bert.hubert at powerdns.com
Sun Feb 11 19:57:39 UTC 2018

On Sun, Feb 11, 2018 at 11:41:39AM -0800, Paul Hoffman wrote:
> Please say more about what you mean by "standard". Do you mean getting the
> ipcipher algorithm on IETF standards track? That would be useful, once it
> has gotten proper vetting in they crypto community.

A standard is something people can adhere to, to enhance interoperability. 
I personally have no interest in dragging this through the IETF at this
point.  It is a traumatizing experience of uncertain benefit.

https://twitter.com/fugueish/status/959877791289257984 summarises this
pretty well:

"The IETF is not for:
 * cryptography
 * protocol design
 Do not use it for those things.".

I do hope people will comment however on the current state of the document.

Once it reaches some consensus, we'll version it as 'ipcipher version 1'.

And who knows, this may lead to a solid proposal for 'ipcipher version 2'
which we could turn into an IETF draft if there is interest.

> As a side-note, RSSAC is working in this area as well. There is a reasonable
> chance that there will be an official RSSAC document about anonymization in
> the next six months. It will also cover whether or not the various root
> server operators should harmonize the way they do anonymization. The
> document will go to the RSSAC Caucus tomorrow or the next day, and will
> hopefully be passed to RSSAC for consideration within a month or two,
> depending on the level of discussion.

I find the discussion in
rather useful.

Good luck!


More information about the dns-operations mailing list