Hi, Wes,

I have a minor question about this draft. Section 2.1 of the draft says that the encrypted "real" request (namely the blob "EEEEEEEE" in this draft) is taken as the left-most label of the new synthetic domain name (namely "EEEEEEEEE.K1.example.org"). Since the length of a domain name label is within 64, I am wondering whether it is always possible to insert an encrypted DNS request into one synthetic domain name as the left-most label.

Guangqing Deng
CNNIC

From: Wes Hardaker
Date: 2014-04-02 05:43
To: dns-privacy
Subject: [dns-privacy] On behalf of Apr 1st, here is a DNSE solution.

The problem with other solutions is that you (a DNS user) must trust someone not to have been hacked or to sell you out. This solution is a super-hack, but shows the type of architecture needed to ensure that no entity but you knows both:

- who made the request
- what the request (and response) contains

Anyone that knows both is a potential point of compromise.

http://datatracker.ietf.org/doc/draft-hardaker-dnse-split-key-dns/

Warning: the security in here is not.

--
Wes Hardaker
Parsons
_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
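
The size question raised above can be checked mechanically. The following is an added example, not part of the thread or of the draft: it assumes the encrypted blob is base32-encoded without padding (the draft's actual encoding is not given here), uses the RFC 1035 limits of 63 octets per label and 255 octets per name, and adds a hypothetical multi-label split to show how far the capacity stretches. The suffix "k1.example.org" follows the name quoted in the question.

```python
import base64

MAX_LABEL = 63   # RFC 1035: one label holds at most 63 octets
MAX_NAME = 255   # RFC 1035: a whole name is at most 255 octets on the wire


def encode_blob(blob: bytes) -> str:
    """Base32 without padding (assumed encoding): DNS-safe, case-insensitive."""
    return base64.b32encode(blob).decode("ascii").rstrip("=").lower()


def wire_length(labels) -> int:
    """Each label costs a length octet plus its bytes; the root adds one octet."""
    return sum(1 + len(label) for label in labels) + 1


def synthetic_name(blob: bytes, suffix: str, split: bool = False) -> str:
    """Build '<encoded blob>.<suffix>' or raise ValueError if it cannot fit.

    split=True is a hypothetical extension: the encoded blob is spread over
    several left-most labels instead of a single one.
    """
    enc = encode_blob(blob)
    if split:
        chunks = [enc[i:i + MAX_LABEL] for i in range(0, len(enc), MAX_LABEL)]
    elif len(enc) > MAX_LABEL:
        raise ValueError(f"encoded blob is {len(enc)} octets, label limit is {MAX_LABEL}")
    else:
        chunks = [enc]
    labels = chunks + suffix.split(".")
    if wire_length(labels) > MAX_NAME:
        raise ValueError(f"name is {wire_length(labels)} octets, limit is {MAX_NAME}")
    return ".".join(labels)


def max_blob_bytes(suffix: str, split: bool = False) -> int:
    """Largest blob (in bytes) that still fits, found by direct search."""
    size = 0
    while True:
        try:
            synthetic_name(bytes(size + 1), suffix, split)  # constructed all-zero blob
        except ValueError:
            return size
        size += 1


if __name__ == "__main__":
    for split in (False, True):
        print("split" if split else "single label",
              max_blob_bytes("k1.example.org", split), "bytes")
```

Under these assumptions a single label carries at most 39 bytes of ciphertext, so any cipher overhead (nonce, tag, or public-key block) quickly pushes a request over the limit.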
