[cryptography] OpenDNS

Marsh Ray marsh at extendedsubset.com
Thu Dec 8 15:29:58 EST 2011


On 12/08/2011 01:09 PM, jd.cypherpunks wrote:
> David Ulevitch is rolling out OpenDNS http://david.ulevitch.com/
> What do you think?

I assume you're talking about their new DNSCrypt application.

They seem to be saying it's an implementation of DJB's DNSCurve protocol.
https://twitter.com/#!/davidu/status/144213491736248320

Some source code is here.
https://github.com/opendns/dnscrypt-proxy
AFAICT this is for a proxy to (guess who) OpenDNS only at this point.
I don't know if they're planning to release code for the resolver side. 
It may be intended for use with OpenDNS only.

The code is pretty clean looking, to the point of being sterile. No 
author attribution or even source code comments.

I haven't come across any protocol documentation. It looks pretty 
simple, mostly just encrypting the DNS packets as messages with NaCl 
cryptobox http://nacl.cr.yp.to/box.html .

Of course, the details matter and I haven't looked into it thoroughly.

- Marsh


