[cryptography] OpenDNS

Marsh Ray marsh at extendedsubset.com
Thu Dec 8 15:29:58 EST 2011

On 12/08/2011 01:09 PM, jd.cypherpunks wrote:
> David Ulevitch is rolling out OpenDNS http://david.ulevitch.com/
> What do you think?

I assume you're talking about their new DNSCrypt application.

They seem to be saying it's an implementation of DJB's DNSCurve protocol.

Some source code is here.
AFAICT this is for a proxy to (guess who) OpenDNS only at this point.
I don't know if they're planning to release code for the resolver side. 
It may be intended for use with OpenDNS only.

The code is pretty clean looking, to the point of being sterile. No 
author attribution or even source code comments.

I haven't come across any protocol documentation. It looks pretty 
simple, mostly just encrypting the DNS packets as messages with NaCl 
cryptobox http://nacl.cr.yp.to/box.html .

Of course, the details matter and I haven't looked into it thoroughly.

- Marsh

