[Cryptography] Heartbleed and fundamental crypto programming practices

Christian Huitema huitema at huitema.net
Sun Apr 27 19:27:21 EDT 2014


> But it gets worse. The original framing for the problem is encryption.
> But my objective is actually authentication. Because for me authentication is
> worth ten times encryption. I am far more concerned about making sure that
> Erdogan in Turkey can't block Twitter than stopping him seeing the DNS traffic
> as the IP traffic that follows will show who is going to Twitter. Being able to
> guarantee a link to a resolution and discovery service you trust should be the
> foundation to all other security, including the ability to hook in censorship
> busting transports like TOR.

Of course, it would be very simple to develop a web service that responds to
https://dns.someserver.com/GET_AAAA_www.example.com. That would be some
overhead, but it would meet the requirement of encryption and
authentication. It would also have the advantage of looking like web
traffic, hiding the fact that this is in fact DNS traffic meant to evade
censorship. 

-- Christian Huitema
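Added example, not code from the thread: the resolver logic that a service answering https://dns.someserver.com/GET_AAAA_www.example.com would run behind its HTTPS front end. TLS gives the client encryption and (via the server certificate) authentication of the resolver it is talking to; what remains is to map the URL path onto an ordinary RFC 1035 query to an upstream you trust and to return the answer. The path grammar GET_<TYPE>_<name>, the JSON response shape, the UDP upstream transport and the canned offline upstream are all assumptions made for this example; the HTTPS server itself (TLS termination, certificate) is left to whatever web framework hosts handle_request.

```python
"""Resolver logic behind a URL such as
https://dns.someserver.com/GET_AAAA_www.example.com (example code, not
from the mailing-list post). The HTTPS server parses the path, sends a
plain DNS query to an upstream resolver, and returns the answer as JSON.
"""
import ipaddress
import json
import re
import secrets
import socket
import struct

QTYPES = {"A": 1, "AAAA": 28}
# Assumed path grammar GET_<TYPE>_<name>, inferred from the one URL in the post.
PATH_RE = re.compile(r"^/GET_(A|AAAA)_([A-Za-z0-9.-]{1,253})$")


def parse_path(path):
    """Turn '/GET_AAAA_www.example.com' into ('AAAA', 'www.example.com')."""
    m = PATH_RE.match(path)
    if not m:
        raise ValueError("path must look like /GET_<A|AAAA>_<hostname>")
    return m.group(1), m.group(2).rstrip(".")


def build_query(name, qtype, txid):
    """Encode a one-question DNS query (RD=1) in RFC 1035 wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in name.split("."):
        if not 1 <= len(label) <= 63:
            raise ValueError("bad label length in %r" % name)
        qname += bytes([len(label)]) + label.encode("ascii")
    return header + qname + b"\x00" + struct.pack("!HH", QTYPES[qtype], 1)


def _skip_name(data, off):
    """Advance past a (possibly compressed) domain name."""
    while True:
        length = data[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length


def parse_response(data, txid, qtype):
    """Return (rcode, [addresses]) for answer records of the requested type."""
    rid, flags, qd, an, _ns, _ar = struct.unpack_from("!HHHHHH", data, 0)
    if rid != txid:
        raise ValueError("transaction id mismatch (spoofed or stale reply)")
    rcode = flags & 0x000F
    off = 12
    for _ in range(qd):
        off = _skip_name(data, off) + 4  # skip QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        off = _skip_name(data, off)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", data, off)
        off += 10
        rdata = data[off:off + rdlen]
        off += rdlen
        if rtype == QTYPES[qtype] and rclass == 1:
            addrs.append(str(ipaddress.ip_address(rdata)))  # packed 4/16 bytes
    return rcode, addrs


def resolve(path, transport):
    """Service one GET: path -> DNS query -> transport(bytes) -> result dict."""
    qtype, name = parse_path(path)
    txid = secrets.randbits(16)  # fresh id per query so replies can be matched
    rcode, addrs = parse_response(transport(build_query(name, qtype, txid)), txid, qtype)
    return {"name": name, "type": qtype, "rcode": rcode, "answers": addrs}


def handle_request(path, transport):
    """JSON body the HTTPS handler would write back to the client."""
    return json.dumps(resolve(path, transport))


def udp_transport(server="127.0.0.1", port=53, timeout=2.0):
    """Real upstream (assumed deployment): plain UDP to a resolver you trust."""
    def send(query):
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(query, (server, port))
            return s.recv(4096)
    return send


def canned_transport(query):
    """Constructed offline stand-in for the upstream: echoes the question
    and answers AAAA 2001:db8::1 regardless of what was asked."""
    header = query[:2] + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0)
    question = query[12:]
    answer = (b"\xc0\x0c" + struct.pack("!HHIH", 28, 1, 300, 16)
              + ipaddress.IPv6Address("2001:db8::1").packed)
    return header + question + answer


if __name__ == "__main__":
    print(handle_request("/GET_AAAA_www.example.com", canned_transport))
```

Two details matter for the "trusted resolution service" goal: the client trusts the answer only because the HTTPS certificate authenticated dns.someserver.com, and the service in turn checks that the upstream reply carries the transaction id it sent, so a stale or spoofed UDP reply is rejected rather than relayed over the authenticated channel.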