[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-dev] DNSSEC

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-dev] DNSSEC
From: merc1984@xxxxxx
Date: Sat, 30 Aug 2014 16:35:27 -0700
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 30 Aug 2014 19:35:41 -0400
Dkim-signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=f-m.fm; h= message-id:from:to:mime-version:content-transfer-encoding :content-type:subject:date; s=mesmtp; bh=ddavfl9twrHHxq3wZEWQ7e/ GY1s=; b=WojDpt2RFOTRQI/TbkRLmuVeTcD4qHKsNQOk2K6szYk56UjpgtYB+YQ sftiMUugIuImpQZ3QpCYiq3kcTNEE5S5Fu3yJ0sLGIg+PfP/5aHyT3Uo4s6ORe7i A2FbTNmYWIs9xIdgEZTGuAEcKCMXIt7q7xvN5rQD7e7MHMJL8v3U=
Dkim-signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=message-id:from:to:mime-version :content-transfer-encoding:content-type:subject:date; s=smtpout; bh=ddavfl9twrHHxq3wZEWQ7e/GY1s=; b=lmVvI9f7Rgl1RV2C3TiiTl1/tBgl xILWmERjkwF9czKRIfg3QC7jQIgM+/o5N4q7QrBuZESzjlCO2RI+6S21jJ+dBXlw 9xFfZgzbpv0Bb5p/n7JvCbxqRZd4vE+bYHLeD2KuGE5Zxvz5DwHYvVUkKavyqzbc 6hbXfxcW8TK7X7I=
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

Does anyone know why TOR does not use DNSSEC?  The only documentation I
found on the TORProject website for DNS does not actually explain how
DNS works on TOR.  I infer it must be TCP, as TOR can not do UDP, and I
imagine that relay nodes must be the resolvers in order to resolve
.onion domains.  But beyond that there is no information on how it
works.

Seems to me that the lack of DNSSEC in TOR is a gigantic security hole.
(DNS cache poisoning)




-- 
http://www.fastmail.fm - Access your email from home and the web

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] DNSSEC
  - From: ÐÑÑÑÑ ÐÑÑÐÐÐÐ
- Re: [tor-dev] DNSSEC
  - From: Lunar

Prev by Author: Re: [tor-dev] Weather post-GSoC
Next by Author: [tor-dev] Globe Dev
Previous by thread: Re: [tor-dev] Gpg subkey for deb.torproject.org archive expired
Next by thread: Re: [tor-dev] DNSSEC
Index(es):
- Author
- Thread