[svlug] (forw) [MaraDNS list] MaraDNS now has funding
rick at linuxmafia.com
Sun Apr 1 22:28:31 PDT 2012
Holy Lirpa Loof!
----- Forwarded message from Sam Trenholme <maradns at gmail.com> -----
Date: Sun, 1 Apr 2012 20:17:07 -0400
From: Sam Trenholme <maradns at gmail.com>
To: MaraDNS support mailing list <list at maradns.org>
Subject: [MaraDNS list] MaraDNS now has funding
MaraDNS now has funding
I am very pleased to let the community of MaraDNS users know that I
have gotten a $1,048,576 USD grant from an anonymous donor. In light
of this, I will be able to implement some features I have been meaning
to implement in MaraDNS.
== DNSSEC and DNSCurve ==
First of all, this funding will give me a chance to fully implement
DNSSEC and DNSCurve. Due to the amount of code that needs to be
written, I will hire Dan Kaminsky to help me implement the DNSSEC
code, as well has contracting Daniel J. Bernstein to write the
The code will be in separate modules and I hope it will be possible to
compile MaraDNS and Deadwood with both DNSSEC and DNSCurve support at
the same time; this is a logistical issue we will work out.
== Random number generator ==
In addition to contracting Daniel J. Bernstein to write the DNSCurve
code, I will also bring in Guido Bertoni, Joan Daemen, Michael
Peeters, and Gilles Van Assche who will work with Bernstein in
implementing a high-speed cryptographic block cipher with a 1024-bit
block size on 32-bit platforms, a 2048-bit block size on 64-bit
platforms, a 4096-bit block size on 128-bit platforms, as well as a
1152-bit block size on 36-bit platforms for our substantial number of
users who run MaraDNS and Deadwood on PDP-10s.
This block cipher primitive will be used in a sponge mode of operation
as a pseudo-random number generator for Deadwood.
We will also research making a hash compression primitive for 32-bit,
36-bit, 64-bit, and 128-bit platforms which is both very fast and
cryptographically secure from collisions as long as our attacker
doesn't know the primitive's randomly generated secret number.
== Other plans ==
I was hoping to be able to implement a 20nm 128-bit version of the
6502 processor with memory management and protected mode, as well as a
series of op codes to make processing DNS packets faster (such as
FINDDNSLABEL). Unfortunately, my anonymous donor will not give me the
$5 billion grant needed to implement this processor until our team
successfully implements DNSSEC, DNSCurve, as well as the
large-block-size cipher, not to mention the secure hash compressor.
This should all be done within a year, and I will then be able to get
a larger grant. I will let people know what that grant will let us do
a year from today, on Monday, April 1, 2013.
----- End forwarded message -----
More information about the svlug