Approach on encrypting DNS message over UDP
draft-zuo-dprive-encryption-over-udp-00
| Section | Field | Value |
|---|---|---|
| Document | Type | Expired Internet-Draft (individual); Expired & archived |
| | Authors | Peng Zuo, Hongtao Li, Ning Kong, XiaoDong Lee, Guangqing Deng, Jiankang Yao, Nan Wang |
| | Last updated | 2016-01-03 (Latest revision 2015-07-02) |
| | RFC stream | (None) |
| | Intended RFC status | (None) |
| Stream | Stream state | (No stream defined) |
| | Consensus boilerplate | Unknown |
| | RFC Editor Note | (None) |
| IESG | IESG state | Expired |
| | Telechat date | (None) |
| | Responsible AD | (None) |
| | Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
This document describes an approach to encrypting DNS queries and responses between the stub resolver and the recursive server over UDP in order to protect user privacy. The public key of the recursive server is distributed to the stub resolver through the Certificate Authority infrastructure. The public key of the stub resolver is sent to the recursive server together with the DNS query, inserted in the additional section of that query. The recursive server encrypts the DNS responses it sends to the stub resolver with that stub resolver's public key; similarly, the stub resolver encrypts the DNS query it sends to the recursive server with the recursive server's public key. User privacy is thus protected.
Authors
Peng Zuo
Hongtao Li
Ning Kong
XiaoDong Lee
Guangqing Deng
Jiankang Yao
Nan Wang
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)