Hi Vint,
On 8/15/24 00:06, Vint Joseph wrote:
The core idea/synopsis
We plan to implement a system using elliptic curve cryptography. A preshared
key, referred to as the public key G^S, is distributed from the dns server to
the client.
How?
Best,
Peter
The server retains the private key S and the corresponding public key G^S, while the client receives the public key G^S. When the client needs a DNS response, it generates a key pair consisting of a private key C and a public key G^C. The client then sends a DNS request encrypted with the shared key G^CS and includes its public key G^C in the DNS extension. Upon receiving the public key G^C, the DNS server computes the shared key G^CS using its private key S and the client's public key G^C. These are ephemeral keys, ensuring that each DNS packet has its own session keys. The DNS server responds to the DNS query and sends the DNS response encrypted using G^CS. If the DNS server plans to change the keys, then a public key G^S1 is sent to the client, in the response packet. But these are optimizations which can be done later.
Thank you and I'm looking forward to your feedback!
Best regards,
Vineeth
_______________________________________________
DNSOP mailing list -- dnsop@ietf.org
To unsubscribe send an email to dnsop-le...@ietf.org
--
https://desec.io/
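The exchange Vineeth sketches (static server key S, ephemeral client key C, each packet keyed by G^CS) can be exercised end to end; the Go below is an added example, not code from this thread or from any implementation of the proposal. It assumes P-256 via Go's crypto/ecdh, AES-256-GCM for the packet body, SHA-256 of the raw shared secret as a stand-in KDF, and a constructed "nonce || ciphertext" wire layout; the must, sessionKey, seal, open and RoundTrip names and the query/answer strings are mine.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// must panics on error so the exchange below reads top to bottom.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
// sessionKey derives an AES-256-GCM AEAD from G^CS; SHA-256 stands in for a real KDF (assumption).
func sessionKey(secret []byte) cipher.AEAD {
	sum := sha256.Sum256(secret)
	return must(cipher.NewGCM(must(aes.NewCipher(sum[:]))))
}
// seal prepends a fresh nonce; open strips it and fails on a bad tag (tampering or wrong key).
func seal(aead cipher.AEAD, pt []byte) []byte {
	nonce := make([]byte, aead.NonceSize())
	must(rand.Read(nonce))
	return aead.Seal(nonce, nonce, pt, nil)
}
func open(aead cipher.AEAD, msg []byte) ([]byte, error) {
	if n := aead.NonceSize(); len(msg) >= n {
		return aead.Open(nil, msg[:n], msg[n:], nil)
	}
	return nil, errors.New("packet shorter than nonce")
}
// RoundTrip runs one exchange; returns the query the server decrypted and the answer the client decrypted.
func RoundTrip(query, answer []byte) (serverSaw, clientSaw []byte) {
	curve := ecdh.P256()
	serverPriv := must(curve.GenerateKey(rand.Reader)) // long-lived S; G^S is preshared
	// Client: ephemeral C per query; G^C rides in the extension, G^CS keys the packet.
	clientPriv := must(curve.GenerateKey(rand.Reader))
	clientAEAD := sessionKey(must(clientPriv.ECDH(serverPriv.PublicKey())))
	wirePub, wireQuery := clientPriv.PublicKey().Bytes(), seal(clientAEAD, query)
	// Server: parse G^C (NewPublicKey rejects off-curve points), recompute G^CS with S.
	serverAEAD := sessionKey(must(serverPriv.ECDH(must(curve.NewPublicKey(wirePub)))))
	serverSaw = must(open(serverAEAD, wireQuery))
	// Client: the response comes back under the same per-query session key.
	clientSaw = must(open(clientAEAD, seal(serverAEAD, answer)))
	return serverSaw, clientSaw
}
```

Because S is static and G^C travels in the clear, anyone who later obtains S can recompute G^CS for every recorded packet, so the G^S1 rotation step is what bounds that exposure.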