Thinking about adding DHCP support to dnscrypt-proxy for automatic configuration. Store the DNS Stamps on the DHCP server (as a custom option), and you’re done. Worth implementing or bloat that no one will use?
Good points. Signing the stamps (that themselves already contain what it takes to verify the resolver) is straightforward, since this is a single string no matter what the protocol is.
Question is where does the DHCP signing key come from. I’d be fine with the DHCP server having a key to sign the stamp and bind the signature to itself and its network and clients doing TOFU. Thoughts?
Clients can already have the public key. Keys will be pre-signed. Patching DHCP servers to do online signing would not be reasonable.