Hi Stephane,

On 09/25/2013 01:15 PM, Stephane Bortzmeyer wrote:
> On Tue, Sep 24, 2013 at 11:31:10PM +1200,
> Andy Wilson <[email protected]> wrote
> a message of 104 lines which said:
>
>> Have you seen DNSCurve? http://dnscurve.org/
>
> Channel-security solutions like the non-standard and poorly documented

Non-standard we can fix and we do our best to help with poorly
documented as well :-)

> DNScurve provide confidentiality against a passive third-party
> observer. Not against the operators of the authoritative name servers
> who see a lot of traffic and can share it with others. (For instance,
> several of the root name servers are managed by the US army or a US
> government agency.)
>
> Not to mention the resolvers of the ISP or the big open resolvers like
> OpenDNS or Google Public DNS, both based in PRISMland. (They see even
> more since the caching does not "protect" against them.)
>
> To summarize, modifying DNS to ensure confidentiality is highly
> non-trivial.

Right, I agree it's non-trivial and that some servers somewhere
will see the queries and responses and could be part of a
monitoring network via collusion or coercion or as a result of
being hacked.

I guess I'm wondering though if it's worthwhile and if there
are folks who'd be willing and able to do the work. Or at least
some initial work - I don't think this is one where I'd expect
it's likely someone can just write a nice short draft and be
finished very quickly.

S.

>
> _______________________________________________
> perpass mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/perpass
>
>
