Package: wnpp
Severity: wishlist
Owner: Sergiusz Pawlowicz <deb...@pawlowicz.name>

* Package name    : curvedns
  Version         : 0.87
  Upstream Author : CurveDNS developers <curve...@on2it.net>
* URL             : http://curvedns.on2it.net/
* License         : CurveDNS (retain COPYRIGHT file, public domain)
  Programming Lang: C, C++
  Description     : Forwarding implementation of the DNSCurve protocol

CurveDNS is the first publicly released forwarding implementation that implements the DNSCurve protocol[0]. DNSCurve uses high-speed high-security elliptic-curve cryptography to drastically improve every dimension of DNS security:

* Confidentiality: DNS requests and responses today are completely unencrypted and are broadcast to any attacker who cares to look. DNSCurve encrypts all DNS packets.
* Integrity: DNS today uses "UDP source-port randomization" and "TXID randomization" to create some speed bumps for blind attackers, but patient attackers and sniffing attackers can easily forge DNS records. DNSCurve cryptographically authenticates all DNS responses, eliminating forged DNS packets.
* Availability: DNS today has no protection against denial of service. A sniffing attacker can disable all of your DNS lookups by sending just a few forged packets per second. DNSCurve very quickly recognizes and discards forged packets, so attackers have much more trouble preventing DNS data from getting through.

Protection is also needed for SMTP, HTTP, HTTPS, etc., but protecting DNS is the first step.

What is so special about this implementation is the fact that any authoritative DNS name server can act as a DNSCurve-capable one, without changing anything on your current DNS environment. The only thing a DNS data manager (that is probably you) has to do is to install CurveDNS on a machine, generate a keypair, and update NS type records that were pointing towards your authoritative name server and let them point to this machine running CurveDNS. Indeed, it is that easy to become fully protected against almost any of the currently known DNS flaws, such as active and passive cache poisoning.

CurveDNS supports:

* Forwarding of regular (non-protected) DNS packets;
* Unboxing of DNSCurve queries and forwarding the regular DNS packets;
* Boxing of regular DNS responses to DNSCurve responses;
* Both DNSCurve’s streamlined- and TXT-format;
* Caching of shared secrets;
* Both UDP and TCP;
* Both IPv4 and IPv6.

[0] http://www.dnscurve.org/