[dns-operations] IP address encryption: pseudonymization

Paul Hoffman phoffman at proper.com
Sun Feb 11 20:11:56 UTC 2018

On 11 Feb 2018, at 11:57, bert hubert wrote:

> On Sun, Feb 11, 2018 at 11:41:39AM -0800, Paul Hoffman wrote:
>> Please say more about what you mean by "standard". Do you mean 
>> getting the
>> ipcipher algorithm on IETF standards track? That would be useful, 
>> once it
>> has gotten proper vetting in they crypto community.
> A standard is something people can adhere to, to enhance 
> interoperability.
> I personally have no interest in dragging this through the IETF at 
> this
> point.  It is a traumatizing experience of uncertain benefit.

Noted, but many of us disagree. I'm happy to ask CFRG about ipcipher; 
it's inventor is there and the discussion could be useful.

> I do hope people will comment however on the current state of the 
> document.

I'll start: the Python and Go code are pretty easy to read. He gives 
examples that seem to work. If you wanted to use his code to implement 
in C or Javascript or assembly or something, it should be 

I cannot at all discuss whether the algorithm is sound from a 

> Once it reaches some consensus, we'll version it as 'ipcipher version 
> 1'.
> And who knows, this may lead to a solid proposal for 'ipcipher version 
> 2'
> which we could turn into an IETF draft if there is interest.

This is why I asked: What do you think the difference between those 
versions might be? The current version seems feature-complete.

--Paul Hoffman

More information about the dns-operations mailing list