[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] DNSSEC



merc1984@xxxxxx:
> 
> Does anyone know why TOR does not use DNSSEC?  The only documentation I
> found on the TORProject website for DNS does not actually explain how
> DNS works on TOR.  I infer it must be TCP, as TOR can not do UDP, and I
> imagine that relay nodes must be the resolvers in order to resolve
> .onion domains.  But beyond that there is no information on how it
> works.
> 
> Seems to me that the lack of DNSSEC in TOR is a gigantic security hole.
> (DNS cache poisoning)

See proposal 219 for the status of current efforts:
https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/219-expanded-dns.txt

Please contribute if you can!

-- 
Lunar                                             <lunar@xxxxxxxxxxxxxx>

Attachment: signature.asc
Description: Digital signature

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev