gnutls-devel

Re: OpenPGP Browser Support


From: Adam Langley
Subject: Re: OpenPGP Browser Support
Date: Fri, 25 Jul 2008 15:16:50 -0700

On Thu, Jul 24, 2008 at 3:37 PM, Duane <address@hidden> wrote:
> I have written in depth about this topic already, so rather than repeat
> myself I'll just paste a link to the relevant document:
>
> http://open-pgp.info/wiki/index.php?title=DNS_Encryption_Draft

This document seems to be dealing with something quite different,
namely providing some confidentiality to DNS resolvers. But that's not
an uninteresting topic in and of itself.

However, rather than have queries encrypted to a server and signed
replies, I'd suggest that clients include an elliptic-curve
Diffie-Hellman public key in the request and encrypt the request with
the shared key (assuming that the client knows the server's key). The
server then calculates the shared key, encrypts the reply and sticks a
MAC on the end.

The advantage being that it should be a lot faster. Clients cache the
results and there's (effectively) no performance hit.

If a server can get a cache hit on the client's public key, it's
equally very fast. Otherwise (and this would almost always be the case
for root/gTLD servers), you can do about 4000 key
agreements/second/core[1]. For a modern, 8-core machine that's 32Kq/s.
I can't find recent data on DNS server load at the root or gTLD level,
although I suspect it's within an order of magnitude of that. For
ISP-level servers, that should be fine.

[1] http://cr.yp.to/ecdh.html

-- 
Adam Langley address@hidden http://www.imperialviolet.org
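The request/reply scheme sketched in the message above, as an added example in Go that is not code from this thread or from any project: the client sends its ephemeral X25519 public key followed by the AEAD-sealed query, and the server derives the same key, opens the query and seals the reply with the GCM tag (the MAC) on the end. Assumptions not in the post: X25519 for the ECDH, AES-256-GCM as the cipher-plus-MAC, a SHA-256 hash in place of a proper KDF, and fixed per-direction nonces; the function names are mine.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/sha256"
	"errors"
)

// One fixed nonce per direction is safe only because every exchange uses a fresh client key (hence a fresh AEAD key).
var queryNonce, replyNonce = make([]byte, 12), append(make([]byte, 11), 1)

// session: X25519 with the peer, then AES-256-GCM keyed by SHA-256(shared || pubs); real code would use HKDF.
func session(priv *ecdh.PrivateKey, peer *ecdh.PublicKey, clientPub, serverPub []byte) (cipher.AEAD, error) {
	shared, err := priv.ECDH(peer) // errors on a low-order peer key
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(append(append(shared, clientPub...), serverPub...))
	block, _ := aes.NewCipher(key[:]) // cannot fail: key is 32 bytes
	return cipher.NewGCM(block)
}

// ClientQuery builds the request (eph public key || sealed query) and returns the
// session AEAD needed to open the reply; eph must be freshly generated for every query.
func ClientQuery(eph *ecdh.PrivateKey, serverPub *ecdh.PublicKey, query []byte) (cipher.AEAD, []byte, error) {
	g, err := session(eph, serverPub, eph.PublicKey().Bytes(), serverPub.Bytes())
	if err != nil {
		return nil, nil, err
	}
	return g, append(eph.PublicKey().Bytes(), g.Seal(nil, queryNonce, query, nil)...), nil
}

// ServerAnswer recovers the session from the client's key, opens the query and seals the reply (GCM tag = the MAC).
func ServerAnswer(priv *ecdh.PrivateKey, wire []byte, resolve func([]byte) []byte) ([]byte, error) {
	if len(wire) < 32 {
		return nil, errors.New("request too short")
	}
	clientPub, _ := ecdh.X25519().NewPublicKey(wire[:32]) // length checked above
	g, err := session(priv, clientPub, wire[:32], priv.PublicKey().Bytes())
	if err != nil {
		return nil, err
	}
	query, err := g.Open(nil, queryNonce, wire[32:], nil) // fails on any tampering
	if err != nil {
		return nil, err
	}
	return g.Seal(nil, replyNonce, resolve(query), nil), nil
}
```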