add another security note about what confidentiality guarantees DNSCu…

…rve offers
mdempsky · Feb 27, 2010 · b0c9381 · b0c9381
1 parent c42ecaf
commit b0c9381
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/drafts/draft-dempsky-dnscurve.xml b/drafts/draft-dempsky-dnscurve.xml
@@ -450,6 +450,12 @@ DNS after a few failed DNSCurve queries.  Of course, DNSCurve cannot
 make any security guarantees for transactions that do not use
 DNSCurve, so clients are encouraged to use DNSCurve if possible.
 </t>
+<t>
+DNSCurve adds some confidentiality by encrypting DNS packet contents
+but does not attempt to hide the length of the original DNS packet nor
+the source or destination of the packet.  Additionally, the TXT format
+requires clients to reveal the zone they are querying.
+</t>
 </section>
 
 <section title='IANA Considerations'>