[dns-operations] IP address encryption: pseudonymization

bert hubert bert.hubert at powerdns.com
Sun Feb 25 12:21:34 UTC 2018

On Thu, Feb 22, 2018 at 11:35:32AM -0800, Paul Hoffman wrote:
> I started a thread on the CFRG mailing list about ipcrypt. (CFRG is the
> Crypto Forum Research Group, part of the IRTF, and is the place where the
> IETF goes for crypto advice.) The results may instill caution in using
> ipcrypt.

Thanks Paul! I have added a paragraph noting the ongoing discussion to https://powerdns.org/ipcipher/

I've not been able to determine if the weaknesses discussed on the CFRG list
are worse than the inherent limitations of IP address pseudonymization or

I've also taken a look at FF2/FF3 as noted there but have not been able to
find out the patent status of these algorithms. At the very least there
appears to a cloud of worry hanging over them.


More information about the dns-operations mailing list