[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor DNS Deanonymization

To: "tor-talk@xxxxxxxxxxxxxxxxxxxx" <tor-talk@xxxxxxxxxxxxxxxxxxxx>
Subject: Re: [tor-talk] Tor DNS Deanonymization
From: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date: Sun, 16 Oct 2016 01:15:32 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 16 Oct 2016 01:15:55 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to; bh=OfW0dwWcijng4evvdti2I5t3Ccaw61MnKGzhmEhls4E=; b=r1RnpyBjzBqY4f4db7dSmYvRSS7Z3iprA68WcmH/wZV8ODBusf7hMcU3n6Yz0lQeTd C1zOJoGxM3HZYDLhdMd8MlINnRmieYsjXhpkN/vYvkIvZICJJSZiiItacmtlhFoWdCyM 4cnXlEG3Av74GwUx5xFby7T5LqOgqUSJqUSOSnfwSZbwLSLLlZh5+u9oK/IZP2Mnxdl0 fcYfcEQufRlV8M32RBbTUW4IO/lJVyYFw2IwMKTo2cCmm2eeJrGYq3HeG1Hz6VeQYcDg ASs+sSuJ/j5G12YoMg6/SOfw9MdGsereZVqSS1W5T8Ac62q0x0N3r2Y81py4PVA0kiDc eKfA==
In-reply-to: <20161014150944.GG3449@riseup.net>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <2EA59F4E-6CB7-46E1-A234-4F830057DACA@gmail.com> <20161014150944.GG3449@riseup.net>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

On Fri, Oct 14, 2016 at 11:09 AM, Philipp Winter <phw@xxxxxxxxx> wrote:
 [...]
> There are two ways to mitigate the issue.  First, we need better
> defences against website fingerprinting, so an attacker learns less by
> observing the connection to your guard relay.  Second, we need to
> improve the DNS setup of exit relays.  I would like to see less relays
> use Google's resolver, and we need to move towards encrypted DNS.

Thanks, Philipp!

Could you comment at all about whether our current exit side dns
caching approach makes the attack harder, easier, or doesn't matter?

Best wishes,
-- 
Nick
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Tor DNS Deanonymization
  - From: Philipp Winter

References:
- [tor-talk] Tor DNS Deanonymization
  - From: Justin
- Re: [tor-talk] Tor DNS Deanonymization
  - From: Philipp Winter

Prev by Author: [tor-talk] Tor 0.2.9.4-alpha is released
Next by Author: Re: [tor-talk] Tor DNS Deanonymization
Previous by thread: Re: [tor-talk] Tor DNS Deanonymization
Next by thread: Re: [tor-talk] Tor DNS Deanonymization
Index(es):
- Author
- Thread