On Wed, Sep 25, 2013, at 05:15 AM, Stephane Bortzmeyer wrote:
> On Tue, Sep 24, 2013 at 11:31:10PM +1200,
>  Andy Wilson <[email protected]> wrote 
>  a message of 104 lines which said:
> 
> > Have you seen DNSCurve? http://dnscurve.org/
> 
> Channel-security solutions like the non-standard and poorly documented
> DNSCurve provide confidentiality against a passive third-party
> observer. Not against the operators of the authoritative name servers
> who see a lot of traffic and can share it with others. (For instance,
> several of the root name servers are managed by the US army or a US
> government agency.)
> 
> Not to mention the resolvers of the ISP or the big open resolvers like
> OpenDNS or Google Public DNS, both based in PRISMland. (They see even
> more since the caching does not "protect" against them.)

A long time ago we looked into pushing DNS NS data in bulk, primarily as
a way to make it more robust against DDoS attack.  But solutions in this
general space might also be used to improve privacy:
http://www.cs.ucl.ac.uk/staff/m.handley/papers/dnspush.pdf

Cheers,
Mark
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
