Re: [tor-dev] New Proposal - CAA Extensions for the Tor Rendezvous Specification

Subject: Re: [tor-dev] New Proposal - CAA Extensions for the Tor Rendezvous Specification

From: Q Misell via tor-dev <tor-dev@xxxxxxxxxxxxxxxxxxxx>

Date: Thu, 27 Apr 2023 13:56:20 +0100

Delivery-date: Thu, 27 Apr 2023 17:09:48 -0400

Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=lists.torproject.org; s=2022-eugeni; t=1682629781; bh=lvfsrtaFTCRvMG9MjJY9AOBcLgBPrY1hMscbUSliI9U=; h=Resent-Sender:References:In-Reply-To:Date:To:Resent-Date: Resent-From:Subject:List-Id:List-Unsubscribe:List-Archive: List-Post:List-Help:List-Subscribe:From:Reply-To:Cc:From; b=OD8aRW8qNLPV9SQkw5y788NAryfX2Iqwjf2//s8t+M/Y0pV3liHuUoaCn2Rcv6KG0 geOGlqVflQCch6qgB4G/kxNT5ozloKlLc3hGcswQGpIBeeRPoBCDNU8DrOG+oNHmON 2R4Gr5K34yCpMOa141dLWTQFXvzmMeMZjdZdYLilH5/UkPLHbetyljTEIN7SSDRdQh b1RnL2QWpsbooEVxEP9a4AeNCpvKPXMF0CeRCGOzQP8/9Uw/J4tEWXevYKV91U3kHR CCtlh9NnOy8zUOABLbYngCKqyhEor/2Nw1kc+IzlO2zfGdVoURuqmmSPjXM7DL9s27 VkAv76sGehagg==

In-reply-to: <20230427125431.GF16172@yoink.cs.uwaterloo.ca>

List-archive: <http://lists.torproject.org/pipermail/tor-dev/>

List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>

List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>

List-post: <mailto:tor-dev@lists.torproject.org>

List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>

List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>

References: <CAMEWqGtMVpksgroYUh+LQHOy=9Cb3PSnrDF-7HPredym9Pd6mg@mail.gmail.com> <20230427125431.GF16172@yoink.cs.uwaterloo.ca>

Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx

Resent-date: Thu, 27 Apr 2023 12:57:05 +0000 (UTC)

Resent-from: w4bdyj@xxxxxxxxxxxxxxxxx

Resent-message-id: <20230427125705.94D05E2F29@xxxxxxxxxxxxxxxxxxxxx>

Resent-sender: w4bdyj@xxxxxxxxxxxxxxxxx

Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

Yes, signed is what I meant. I will update the document.

Any statements contained in this email are personal to the author and are not necessarily the statements of the company unless specifically stated. AS207960 Cyfyngedig, having a registered office at 13 Pen-y-lan Terrace, Caerdydd, Cymru, CF23 9EU, trading as Glauca Digital, is a company registered in Wales under № 12417574. ICO register №: ZA782876. UK VAT №: GB378323867. EU VAT №: EU372013983. Turkish VAT №: 0861333524. South Korean VAT №: 522-80-03080. Glauca Digital and the Glauca logo are registered trademarks in the UK, under № UK00003718474 and № UK00003718468, respectively.

On Thu, 27 Apr 2023 at 13:54, Ian Goldberg <iang@xxxxxxxxxxxx> wrote:

On Tue, Apr 25, 2023 at 01:02:28PM +0100, Q Misell via tor-dev wrote:
> Security Considerations:
> The second layer descriptor is encrypted and MACed in a way that only a party
> with access to the secret key of the hidden service could manipulate what is
> published there. Therefore, Tor CAA records have at least the same security as
> those in the DNS secured by DNSSEC.

Did you mean "signed"? If it's just encrypted and MACed, then anyone who
can decrypt and check the MAC can also alter the contents, of course.
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________ tor-dev mailing list tor-dev@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev