On 08/12/2011 15:48, Jason wrote: > I saw this announcement [2] crop up, with code here [3] and I was > wondering about adding the feature directly into dnsmasq. Obviously, > opendns is the first to implement it, but hopefully others will roll it > out as well. ... > [1] > http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2010q2/003922.html > [2] > http://it.slashdot.org/story/11/12/08/1353203/opendns-releases-dns-encryption-tool > [3] https://github.com/opendns/dnscrypt-proxy >
I'm a touch cynical about anything that says cryptography, but doesn't have a mathematician obviously behind it and endorsing it. It's just too easy to invent crypto that you can't break, but doesn't withstand proper prying eyes/minds. The counter argument tends to be that something is better than nothing, but there is a hidden cost which is that of writing and maintaining code So with that in mind, are there any discussions for/against this move by opendns? I believe that the original idea comes via DJB? I read that opendns have picked an unusual curve to run with as the standard crypto choice? Are their any benchmarks on performance? Cool idea - just curious to see how it's going to get set in stone for final implementation? Cheers Ed W
