Thinking about adding DHCP support to dnscrypt-proxy for automatic configuration. Store the DNS Stamps on the DHCP server (as a custom option), and you’re done. Worth implementing or bloat that no one will use?
Replying to @jedisct1
The IETF was looking into that recently. Obviously useful. Need 1) signed DNS stamps (to authenticate the resolver) and 2) binding between stamp and network (to trust the resolver).
Replying to @k0ntax1s
Good points. Signing the stamps (that themselves already contain what it takes to verify the resolver) is straightforward, since this is a single string no matter what the protocol is.
Replying to @jedisct1
Question is where does the DHCP signing key come from. I’d be fine with the DHCP server having a key to sign the stamp and bind the signature to itself and its network and clients doing TOFU. Thoughts?
1 reply 0 retweets 0 likes
Clients can already have the public key. Keys will be pre-signed. Patching DHCP servers to do online signing would not be reasonable.