On Mon, 20 Oct 2014, Stephane Bortzmeyer wrote:
> I disagree here. The work to "port" DNScurve to the stub-to-resolver link has already been done. It is called DNScrypt <http://dnscrypt.org/>. It is actually deployed <http://www.opendns.com/about/innovations/dnscrypt/>
This is just a simple VPN setup limited to DNS traffic. It does do any kind of internet keying exchange or anything. It's yet another Curve25519 container looking for a problem. The IETF has plenty of tunneling/encryption protocols. Creating a new one with the limitations of dnscurve serves no good purpose to anyone. If opendns really wanted their crypto to be much more useful, they would ensure VPN profiles using IKE/IPsec that work on stock mobile phones, not custom crypto solutions.

Paul
