[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] New Proposal - CAA Extensions for the Tor Rendezvous Specification

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] New Proposal - CAA Extensions for the Tor Rendezvous Specification
From: Ian Goldberg <iang@xxxxxxxxxxxx>
Date: Thu, 27 Apr 2023 08:54:31 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 27 Apr 2023 08:54:51 -0400
Dkim-filter: OpenDKIM Filter v2.11.0 minos.uwaterloo.ca 33RCsWnM006398
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=uwaterloo.ca; s=default; t=1682600074; bh=h4I485j6iZhtwVYI61SUyI8vVRXjm6vTqbeCVuu4JVQ=; h=Date:From:To:Subject:References:In-Reply-To:From; b=TbQuXvdYBw3R4XzpE5UqfoJvDnDiJh8p/sw4PKXouRQCNKL0mnzDeh3CbrzLxyLOd HzCWqOGdiJ45OqlEbS/gsWCa45MB968R8IHAfad/l81+bIPDYGL2wIM5hM8Ixus0NK Q2YQGGdDVmAjjiUwRv7EU8cRCnrLtCwD80OyQSKU=
In-reply-to: <CAMEWqGtMVpksgroYUh+LQHOy=9Cb3PSnrDF-7HPredym9Pd6mg@mail.gmail.com>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <CAMEWqGtMVpksgroYUh+LQHOy=9Cb3PSnrDF-7HPredym9Pd6mg@mail.gmail.com>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mutt/1.9.4 (2018-02-28)

On Tue, Apr 25, 2023 at 01:02:28PM +0100, Q Misell via tor-dev wrote:
> Security Considerations:
>   The second layer descriptor is encrypted and MACed in a way that only a party
>   with access to the secret key of the hidden service could manipulate what is
>   published there. Therefore, Tor CAA records have at least the same security as
>   those in the DNS secured by DNSSEC.

Did you mean "signed"? If it's just encrypted and MACed, then anyone who
can decrypt and check the MAC can also alter the contents, of course.
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] New Proposal - CAA Extensions for the Tor Rendezvous Specification
  - From: Q Misell via tor-dev

References:
- [tor-dev] New Proposal - CAA Extensions for the Tor Rendezvous Specification
  - From: Q Misell via tor-dev

Prev by Author: [tor-dev] goptlib moved to gitlab.torproject.org
Next by Author: Re: [tor-dev] New Proposal - CAA Extensions for the Tor Rendezvous Specification
Previous by thread: [tor-dev] New Proposal - CAA Extensions for the Tor Rendezvous Specification
Next by thread: Re: [tor-dev] New Proposal - CAA Extensions for the Tor Rendezvous Specification
Index(es):
- Author
- Thread