Approach on encrypting DNS message over UDP
draft-zuo-dprive-encryption-over-udp-00

Document type: Expired Internet-Draft (individual); expired & archived
Authors: Peng Zuo, Hongtao Li, Ning Kong, XiaoDong Lee, Guangqing Deng, Jiankang Yao, Nan Wang
Last updated: 2016-01-03 (latest revision 2015-07-02)
RFC stream: (None)
Intended RFC status: (None)
Stream state: (No stream defined)
Consensus boilerplate: Unknown
RFC Editor Note: (None)
IESG state: Expired
Telechat date: (None)
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active.

Abstract

This document describes an approach for encrypting DNS queries and responses exchanged over UDP between the stub resolver and the recursive server, in order to protect user privacy. The public key of the recursive server is distributed to the stub resolver through the Certificate Authority infrastructure. The public key of the stub resolver is sent to the recursive server together with the DNS query, inserted into the additional section of that query. The recursive server encrypts the DNS responses it sends to the stub resolver with that stub resolver's public key, and the stub resolver likewise encrypts the DNS queries it sends to the recursive server with that recursive server's public key, so that user privacy is protected.

Authors

Peng Zuo
Hongtao Li
Ning Kong
XiaoDong Lee
Guangqing Deng
Jiankang Yao
Nan Wang

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)