Talk:DNSCurve
This is the talk page for discussing improvements to the DNSCurve article. This is not a forum for general discussion of the article's subject. |
Article policies
|
Find sources: Google (books · news · scholar · free images · WP refs) · FENS · JSTOR · TWL |
This article is rated Start-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects: | |||||||||||||||||||||||||
|
Lemma
[edit]Shouldn't the title be "DNSCurve" instead of "Dnscurve"?
I agree! 14:44, 9 December 2008 (UTC) —Preceding unsigned comment added by 78.110.224.68 (talk)
- Done. --Kebes (talk) 22:05, 9 December 2008 (UTC)
Notability
[edit]Article is tagged for general notability guideline noted for possible future merging or deletion. Perhaps I'm biased towards this proposed protocol and its author, but in my opinion the concept is gaining notability and will likely continue to do so as implementations are published.
- Google search for DNSCurve with 14,600 results as of December 29, 2008.
- Slashdot article on DNSCurve, DNSSEC and gTLDs
BigMoneyJim (talk) 00:06, 30 December 2008 (UTC)
- DJB is well a well known programmer/computer security expert and notable in and of himself. That doesn't mean everything he has ever done will qualify under Wikipedia:Notability. More over, trying to predict that something may become popular is not allowed, as per WP:SPECULATION. Google hits, in and of themselves, does not show notability, see WP:GOOGLE. And, slashdot is not a Wikipedia:Reliable sources. DNSCurve is an interesting idea, it may take off, but right now a wikipedia article on it seems questionable. Wrs1864 (talk) 01:05, 30 December 2008 (UTC)
- Fair enough. I got to thinking later the page could always be recreated if/when it becomes more notable. BigMoneyJim (talk) 19:12, 30 December 2008 (UTC)
- The tag on the article does not mean that the article *will* be deleted, but anyone who comes along and decides that it really shouldn't be here can probably get it deleted via a the Wikipedia:Articles for deletion process. It is kind of a hint to anyone who disagrees to put some effort into trying to find proof of notability via reliable sources. Wrs1864 (talk) 19:37, 30 December 2008 (UTC)
- I'd say it's quite remarkable/notable that it's now used by a pretty large user-base - namely all those who use OpenDNS: OpenDNS adopts DNSCurve so removal should be out of question --Medwikier (talk) 00:42, 15 April 2010 (UTC)
- Fair enough. I got to thinking later the page could always be recreated if/when it becomes more notable. BigMoneyJim (talk) 19:12, 30 December 2008 (UTC)
- Agreed. OpenDNS has 30 million users alone. DNSCurve has multiple implementations and a growing userbase of tens of millions. The Notability tag should be removed. — Preceding unsigned comment added by Darthtwinkletoes (talk • contribs) 03:12, 10 May 2012 (UTC)
Implementations
[edit]The article currently says there are no known implementations, but this is out of date. I wrote a patch for djbdns adding DNSCurve support to dnscache [1], Adam Langley wrote a DNSCurve forwarder that I updated to conform to the latest spec [2], and George Barwood has added DNSCurve support to GbDns for both resolver and authoritative support. 67.180.8.35 (talk) 18:58, 7 June 2009 (UTC)
- I have updated the article to fix these omissions, and included some new implementations since your post.
Darthtwinkletoes (talk) 03:18, 10 May 2012 (UTC)
Authentication and encryption
[edit]AFAIK the goal of DNSCurve is to avoid sniffing. Sniffing is the reading of packets by eavesdroppers. Using sniffing, an attacker can easily spoof DNS responses. This means that he pretends to be the DNS server and thus mis-inform the client which he is attacking. To avoid sniffing, DNSCurve encrypts the packets. It does not do authentication. —Preceding unsigned comment added by 212.187.75.118 (talk) 18:46, 27 July 2009 (UTC)
- No, DNSCurve both encrypts and authenticates packets. 67.215.69.60 (talk) 23:46, 10 August 2009 (UTC)
- DNSCurve authenticates answers, to confirm they came from the nameserver queried. (They may also allow the client to authenticate itself to the server; I forget.) DNSCurve does not, however, authenticate zone data (resource records). If your upstream cache lies to you about records, DNSCurve has no way of knowing. —DragonHawk (talk|hist) 03:08, 13 August 2009 (UTC)
- Correct. DNSCurve protects an individual server<->server communications link, and guarantees to the requesting server that the response data is valid and unforged (it also shields the transaction's contents from public view, but that's not as important in the grand scheme of things). It is not designed to protect an end-user from a malicious cache. If you're worried about J Random Hacker injecting spoofed responses, DNSCurve solves that problem. If you're using your ISP's DNS cache and you don't trust them not to manipulate your data, DNSCurve does not solve that problem. If that's your problem, your options are: (1) Run your own local DNS cache, (2) Find an ISP you can trust, (3) Use a different cache than your ISP's, which you can trust (e.g. OpenDNS or Google Public DNS), or perhaps (4) Pursue legal action against the ISP for interfering with your data. —Preceding unsigned comment added by 96.228.64.62 (talk) 18:58, 20 April 2010 (UTC)
External links
[edit]The current page has an "external links" warning, claiming that the page may not follow Wikipedia:External_links. This was previously true, because older revisions had numerous external links in the body of the entry, when the first "external links" guideline is "Wikipedia articles may include links to web pages outside Wikipedia (external links), but they should not normally be used in the body of an article."
This error has been corrected and the page has been cleaned up, so I'm removing the external links message which no longer applies. — Preceding unsigned comment added by Darthtwinkletoes (talk • contribs) 02:13, 16 March 2013 (UTC)
External links modified
[edit]Hello fellow Wikipedians,
I have just modified one external link on DNSCurve. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
- Added archive https://web.archive.org/web/20090117023500/http://www.nsa.gov/business/programs/elliptic_curve.shtml to http://www.nsa.gov/business/programs/elliptic_curve.shtml
When you have finished reviewing my changes, please set the checked parameter below to true or failed to let others know (documentation at {{Sourcecheck}}
).
This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}}
(last update: 5 June 2024).
- If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
- If you found an error with any archives or the URLs themselves, you can fix them with this tool.
Cheers.—InternetArchiveBot (Report bug) 23:13, 20 July 2016 (UTC)
External links modified
[edit]Hello fellow Wikipedians,
I have just modified 3 external links on DNSCurve. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
- Added archive https://web.archive.org/web/20120602083834/http://www.ecrypt.eu.org/documents/D.SPA.17.pdf to http://www.ecrypt.eu.org/documents/D.SPA.17.pdf
- Added archive https://archive.is/20121228005750/http://shinobi.dempsky.org/~matthew/patches/djbdns-dnscurve-20090602.patch to http://shinobi.dempsky.org/~matthew/patches/djbdns-dnscurve-20090602.patch
- Added archive https://web.archive.org/web/20130203105200/http://blog.opendns.com/2011/12/06/dnscrypt-%E2%80%93-critical-fundamental-and-about-time/ to http://blog.opendns.com/2011/12/06/dnscrypt-%E2%80%93-critical-fundamental-and-about-time/
When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.
This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}}
(last update: 5 June 2024).
- If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
- If you found an error with any archives or the URLs themselves, you can fix them with this tool.
Cheers.—InternetArchiveBot (Report bug) 01:30, 3 September 2017 (UTC)
- Start-Class Computing articles
- Low-importance Computing articles
- Start-Class Computer networking articles
- Low-importance Computer networking articles
- Start-Class Computer networking articles of Low-importance
- All Computer networking articles
- Start-Class software articles
- Low-importance software articles
- Start-Class software articles of Low-importance
- All Software articles
- Start-Class Computer Security articles
- Low-importance Computer Security articles
- Start-Class Computer Security articles of Low-importance
- All Computer Security articles
- All Computing articles