On 8/08/13 22:44 PM, Paul Wouters wrote:
On Tue, 6 Aug 2013, John Gilmore wrote:
* draft-wouters-dane-openpgp-00
* draft-wouters-dane-otrfp-00
These actually specify how to get authenticated key material from the
DNS.
Would they work?
(yes, asking for forgiveness for not reading them here...)
(However, they don't encrypt the DNS transaction, so the
identity of the user being communicated with is leaked to NSA and
any other wiretappers...)
I would suggest we address DNS query privacy in a generic way for all
DNS, although even if you just encrypt, it might not be enough when the
adversary has so many listening points, and the user immediately uses
the DNS information for another action (e.g. an IM message or sending an
email).
If I was the NSA, I'd make sure that people were focussed on solving the
entire encryption and traffic analysis problem. Complete solution, end
to end, with lots of options. I'd fight like hell to stop them just
solving the authentication problem.
iang
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp