On Tue, Dec 31, 2013 at 2:17 PM, Nicolai <nicolai-om...@chocolatine.org> wrote: > On Tue, Dec 31, 2013 at 02:34:10AM -0500, nixlists wrote: >> Hello, >> >> OpenBSD has this package. Is it trustworthy? > > Yes, it is.
Fine, I'll believe you :D Have to trust someone at some point, and you don't sound like agent Smith. >> Anyone uses here? > > Yes; I installed the Windows client (same source as the unix > dnscrypt-proxy) on a friend's machine and it works like a charm. > For myself I just use a local DNSCurve resolver. >> I believe this works with OpenDNS, and a few other providers of "secure" >> recursive caches that support dnscurve through this package. > > That is basically correct. DNSCurve and DNSCrypt are very similar but > they are not the same. OpenDNS supports both: DNSCrypt from you to > them, and DNSCurve, when available, from their recursive resolvers to > remote authoritative servers. Didn't know that OpenDNS supports DNSCurve. Does anyone else? With the recent *cough*storm about the certain entities planting implants and penetrating our collective mind-orifices through backdoors, and, subsequently, obviously, the bad guys (whom the entities employ, again, obviously (not the leaker) now having the keys to the kingdom of the locks that they themselves have forged, why shouldn't the whole kingdom adopt DNSCurve or something like it to protect itself? Even DNSSEC adoption has been ridiculously slow, but it doesn't offer privacy. Also DNSSEC uses poor by modern standards crypto, and suffers from amplification attacks. One would think that DNSCurve adoption at this point would take over IPv6. Ahhh, DNS fantasies... :)) Happy New Year! (Although something tells us all we should be worried about this one!) The integrity of the 'net is now futile.
