Talk:DNSCurve

Lemma
Shouldn't the title be "DNSCurve" instead of "Dnscurve"?

I agree! 14:44, 9 December 2008 (UTC) —Preceding unsigned comment added by 78.110.224.68 (talk)
 * Done. --Kebes (talk) 22:05, 9 December 2008 (UTC)

Notability
Article is tagged for general notability guideline noted for possible future merging or deletion. Perhaps I'm biased towards this proposed protocol and its author, but in my opinion the concept is gaining notability and will likely continue to do so as implementations are published. BigMoneyJim (talk) 00:06, 30 December 2008 (UTC)
 * Google search for DNSCurve with 14,600 results as of December 29, 2008.
 * Slashdot article on DNSCurve, DNSSEC and gTLDs
 * DJB is well a well known programmer/computer security expert and notable in and of himself. That doesn't mean everything he has ever done will qualify under Notability.  More over, trying to predict that something may become popular is not allowed, as per WP:SPECULATION.  Google hits, in and of themselves, does not show notability, see WP:GOOGLE.  And, slashdot is not a Reliable sources. DNSCurve is an interesting idea, it may take off, but right now a wikipedia article on it seems questionable. Wrs1864 (talk) 01:05, 30 December 2008 (UTC)
 * Fair enough. I got to thinking later the page could always be recreated if/when it becomes more notable. BigMoneyJim (talk) 19:12, 30 December 2008 (UTC)
 * The tag on the article does not mean that the article *will* be deleted, but anyone who comes along and decides that it really shouldn't be here can probably get it deleted via a the Articles for deletion process. It is kind of a hint to anyone who disagrees to put some effort into trying to find proof of notability via reliable sources.  Wrs1864 (talk) 19:37, 30 December 2008 (UTC)
 * I'd say it's quite remarkable/notable that it's now used by a pretty large user-base - namely all those who use OpenDNS: OpenDNS adopts DNSCurve so removal should be out of question --Medwikier (talk) 00:42, 15 April 2010 (UTC)
 * Agreed. OpenDNS has 30 million users alone.  DNSCurve has multiple implementations and a growing userbase of tens of millions.  The Notability tag should be removed.  — Preceding unsigned comment added by Darthtwinkletoes (talk • contribs) 03:12, 10 May 2012 (UTC)

Implementations
The article currently says there are no known implementations, but this is out of date. I wrote a patch for djbdns adding DNSCurve support to dnscache, Adam Langley wrote a DNSCurve forwarder that I updated to conform to the latest spec , and George Barwood has added DNSCurve support to GbDns for both resolver and authoritative support. 67.180.8.35 (talk) 18:58, 7 June 2009 (UTC)
 * I have updated the article to fix these omissions, and included some new implementations since your post.

Darthtwinkletoes (talk) 03:18, 10 May 2012 (UTC)

Authentication and encryption
AFAIK the goal of DNSCurve is to avoid sniffing. Sniffing is the reading of packets by eavesdroppers. Using sniffing, an attacker can easily spoof DNS responses. This means that he pretends to be the DNS server and thus mis-inform the client which he is attacking. To avoid sniffing, DNSCurve encrypts the packets. It does not do authentication. —Preceding unsigned comment added by 212.187.75.118 (talk) 18:46, 27 July 2009 (UTC)


 * No, DNSCurve both encrypts and authenticates packets. 67.215.69.60 (talk) 23:46, 10 August 2009 (UTC)


 * DNSCurve authenticates answers, to confirm they came from the nameserver queried. (They may also allow the client to authenticate itself to the server; I forget.)  DNSCurve does not, however, authenticate zone data (resource records).  If your upstream cache lies to you about records, DNSCurve has no way of knowing. — DragonHawk (talk|hist) 03:08, 13 August 2009 (UTC)


 * Correct. DNSCurve protects an individual server<->server communications link, and guarantees to the requesting server that the response data is valid and unforged (it also shields the transaction's contents from public view, but that's not as important in the grand scheme of things).  It is not designed to protect an end-user from a malicious cache.  If you're worried about J Random Hacker injecting spoofed responses, DNSCurve solves that problem.  If you're using your ISP's DNS cache and you don't trust them not to manipulate your data, DNSCurve does not solve that problem.  If that's your problem, your options are: (1) Run your own local DNS cache, (2) Find an ISP you can trust, (3) Use a different cache than your ISP's, which you can trust (e.g. OpenDNS or Google Public DNS), or perhaps (4) Pursue legal action against the ISP for interfering with your data.  —Preceding unsigned comment added by 96.228.64.62 (talk) 18:58, 20 April 2010 (UTC)

External links modified
Hello fellow Wikipedians,

I have just modified 1 one external link on DNSCurve. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
 * Added archive https://web.archive.org/web/20090117023500/http://www.nsa.gov/business/programs/elliptic_curve.shtml to http://www.nsa.gov/business/programs/elliptic_curve.shtml

When you have finished reviewing my changes, please set the checked parameter below to true or failed to let others know (documentation at ).

Cheers.— InternetArchiveBot  (Report bug) 23:13, 20 July 2016 (UTC)

External links modified
Hello fellow Wikipedians,

I have just modified 3 external links on DNSCurve. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
 * Added archive https://web.archive.org/web/20120602083834/http://www.ecrypt.eu.org/documents/D.SPA.17.pdf to http://www.ecrypt.eu.org/documents/D.SPA.17.pdf
 * Added archive https://archive.is/20121228005750/http://shinobi.dempsky.org/~matthew/patches/djbdns-dnscurve-20090602.patch to http://shinobi.dempsky.org/~matthew/patches/djbdns-dnscurve-20090602.patch
 * Added archive https://web.archive.org/web/20130203105200/http://blog.opendns.com/2011/12/06/dnscrypt-%E2%80%93-critical-fundamental-and-about-time/ to http://blog.opendns.com/2011/12/06/dnscrypt-%E2%80%93-critical-fundamental-and-about-time/

When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.

Cheers.— InternetArchiveBot  (Report bug) 01:30, 3 September 2017 (UTC)