Henry L.Coleman wrote:
> Hi Duane, could you explain what this does (in simple terms)?

Sure, the idea is similar to how HTTPS works but for DNS. A public key is used to encrypt a DNS request and an embedded AES key, which is used to encrypt the reply so the client can decrypt it.

The reason for this is most DNS requests don't matter, you end up browsing to the website or whatnot, so there is little point in masking the content. However, for ENUM lookups, just the request contains the same information that the NSA and US telcos were getting into strife for collecting in the past.

Even without going down that path there are other possible ways to abuse DNS, such as ISPs collecting this sort of information to try and sell you phone services.

Unfortunately everyone doing ENUM lookups is leaking this sort of information, most probably won't care or know about the implication of doing so.

Then of course because of the lack of widespread encryption with VoIP it makes hiding lookups pointless, but at the same time if no one does anything about it and encryption for VoIP comes to pass, DNS is likely to remain plain text.

We've released patches for FreePBX to do encrypted ENUM lookups, but to date these haven't been incorporated, although since beginning to write an Internet Draft on the topic things have changed to allow for future changes to occur without breaking things and forcing everyone to make a bunch of changes later to accommodate the changes.

-- 
Best regards,
Duane

http://www.freeauth.org - Enterprise Two Factor Authentication
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://e164.org - Global Communication for the 21st Century

"In the long run the pessimist may be proved right,
but the optimist has a better time on the trip."
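
Added illustration, not part of the message above or of the FreePBX patches it mentions: a plaintext ENUM query built in DNS wire format, then read back the way any resolver or on-path observer sees it, showing that the dialled number is recoverable from the request alone. The `e164.arpa` apex (RFC 6116), the function names and the sample number are assumptions made for this example.

```python
import struct

NAPTR = 35  # DNS RR type used for ENUM lookups (RFC 6116)

def enum_name(e164, apex="e164.arpa"):
    """Map an E.164 number to its ENUM domain: digits reversed, dot-separated."""
    digits = [c for c in e164 if c.isdigit()]
    return ".".join(reversed(digits)) + "." + apex

def build_query(name, qtype=NAPTR, txid=0x1234):
    """Encode a plain (unencrypted) DNS query in wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def observed_number(packet, apex="e164.arpa"):
    """Recover the dialled number from raw query bytes, or None if not ENUM."""
    labels, pos = [], 12  # question section starts after the 12-byte header
    while packet[pos] != 0:
        length = packet[pos]
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    qtype, _qclass = struct.unpack("!HH", packet[pos + 1:pos + 5])
    apex_labels = apex.split(".")
    digits = labels[:-len(apex_labels)]
    if qtype != NAPTR or labels[-len(apex_labels):] != apex_labels:
        return None  # not an ENUM lookup under this apex
    if not digits or not all(len(d) == 1 and d.isdigit() for d in digits):
        return None
    return "+" + "".join(reversed(digits))

# Constructed sample number (fictional 555 range), not from the original post.
SAMPLE = "+1 202 555 0123"
packet = build_query(enum_name(SAMPLE))

if __name__ == "__main__":
    print("query name :", enum_name(SAMPLE))
    print("wire bytes :", packet.hex())
    print("observer   :", observed_number(packet))
```
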
