[Dnsmasq-discuss] git/svn/cvs? dnscrypt support?

Jason dnsmasq at lakedaemon.net
Mon Dec 12 00:45:48 GMT 2011


Ed,

On Sun, Dec 11, 2011 at 05:11:45PM +0000, Ed W wrote:
> On 08/12/2011 15:48, Jason wrote:
> > I saw this announcement [2] crop up, with code here [3] and I was
> > wondering about adding the feature directly into dnsmasq.  Obviously,
> > opendns is the first to implement it, but hopefully others will roll it
> > out as well.
> ...
> > [1]
> > http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2010q2/003922.html
> > [2]
> > http://it.slashdot.org/story/11/12/08/1353203/opendns-releases-dns-encryption-tool
> > [3] https://github.com/opendns/dnscrypt-proxy
> >
> I'm a touch cynical about anything that says cryptography, but doesn't
> have a mathematician obviously behind it and endorsing it.  It's just
> too easy to invent crypto that you can't break, but doesn't withstand
> proper prying eyes/minds.

Very true.

> The counter argument tends to be that something is better than
> nothing, but there is a hidden cost which is that of writing and
> maintaining code

There be dragons...

> So with that in mind, are there any discussions for/against this move by
> opendns?  I believe that the original idea comes via DJB?

Yes, based on the commit history (hint, hint) [1], they've incorporated
suggestions from a recent review of his.  Some of the code was
originally his as well [2], NaCl.

> I read that opendns have picked an unusual curve to run with as the
> standard crypto choice? Are there any benchmarks on performance?

Not that I've seen.

> Cool idea - just curious to see how it's going to get set in stone for
> final implementation?

Server code needs to be released?  Convert to library with a stable api
so many other dns projects can integrate it without rolling their own
code?

thx,

Jason.

[1]
https://github.com/opendns/dnscrypt-proxy/commit/628eaa9dfc2fd1b5d55ead505efb1febf6227feb
[2]
https://github.com/opendns/dnscrypt-proxy/blob/bc0125e24fde91d8a6c60d7976d5a6bd4b85d9ab/COPYING
