[dns-operations] IP address encryption: pseudonymization
Paul Hoffman
phoffman at proper.com
Sun Feb 11 20:11:56 UTC 2018
On 11 Feb 2018, at 11:57, bert hubert wrote:
> On Sun, Feb 11, 2018 at 11:41:39AM -0800, Paul Hoffman wrote:
>> Please say more about what you mean by "standard". Do you mean
>> getting the
>> ipcipher algorithm on IETF standards track? That would be useful,
>> once it
>> has gotten proper vetting in they crypto community.
>
> A standard is something people can adhere to, to enhance
> interoperability.
> I personally have no interest in dragging this through the IETF at
> this
> point. It is a traumatizing experience of uncertain benefit.
Noted, but many of us disagree. I'm happy to ask CFRG about ipcipher;
it's inventor is there and the discussion could be useful.
> I do hope people will comment however on the current state of the
> document.
I'll start: the Python and Go code are pretty easy to read. He gives
examples that seem to work. If you wanted to use his code to implement
in C or Javascript or assembly or something, it should be
straightforward.
I cannot at all discuss whether the algorithm is sound from a
cryptographic
> Once it reaches some consensus, we'll version it as 'ipcipher version
> 1'.
>
> And who knows, this may lead to a solid proposal for 'ipcipher version
> 2'
> which we could turn into an IETF draft if there is interest.
This is why I asked: What do you think the difference between those
versions might be? The current version seems feature-complete.
--Paul Hoffman
More information about the dns-operations
mailing list