quad9-dnscrypt-ip4-filter-pri log messages

[llightcb]

1st: thx for this software.

because i don't trust DOH anymore, i switched back to dnscrypt, quad9-dnscrypt-ip4-filter-pri. after setting log_level = 0, syslog output: [quad9-dnscrypt-ip4-filter-pri] the key validity period for this server is excessively long (365 days), significantly reducing reliability and forward security. so, should i be concerned? i mean, this is quad9, not some random public resolver.

[lifenjoiner]

Stay calm.

1. Any technology is a double-edged sword. Bad guys can do evil things from any where, even using the excellent infrastructures. DoH is used by malwares, because of the cheap implementation by calling the OS crypto stacks, I guess. It doesn't mean DoH is not reliable.
2. X days long key validity period? By my understanding, it is like the period of the HTTPS cert validity, for which 1 year long is normal. But theoretically, long term will increase the the possibility of private key leakage and/or to be cracked. I even saw some with 10 years long. Adopt it or not, all depend on your choice.

PS: Be aware of those (FUD) manipulate your mind on purpose.

[lifenjoiner]

Dnscrypt protocol encourages shorter key validity period as providers can generate the key pairs freely, while HTTPS certs are issued by the issuer organizations.

[llightcb]

well, thx lifenjoiner for your detailed answers.