[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] DNSSEC

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] DNSSEC
From: ÐÑÑÑÑ ÐÑÑÐÐÐÐ <art.istom@xxxxxxxxx>
Date: Sun, 31 Aug 2014 10:14:11 +0000
Authentication-results: smtp17.mail.yandex.net; dkim=pass header.i=@xxxxxxxxx
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 31 Aug 2014 06:21:20 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1409480072; bh=KBtcvFqRDkFNTdrxeKbV4WS/P6yAhJrQGYjOUoLanXI=; h=Date:From:To:Subject:Message-ID:Mail-Followup-To:References: MIME-Version:Content-Type:Content-Disposition:In-Reply-To: User-Agent; b=gXVCSFUNU3OWvVvsBeD30lT1+IvkUmf0FWuE7nS9aXB1Z15ltkJba2iQ9aKAjHSDO LY9ThR0lWxQLMFc63qF/uACgCjnzJPIOIsVUJnV2e/+QiEVUuKVraZNsn01o+2yLbA i+3n/DRNqpERosnWJx6Ok2Mi14pHUEzgG/3zUPVU=
In-reply-to: <1409441727.75534.158608081.3A420182@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
Mail-followup-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
References: <1409441727.75534.158608081.3A420182@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mutt/1.5.23 (2014-03-12)

On Sat, Aug 30, 2014 at 04:35:27PM -0700, merc1984@xxxxxx wrote:
> 
> Does anyone know why TOR does not use DNSSEC?  The only documentation I
> found on the TORProject website for DNS does not actually explain how
> DNS works on TOR.  I infer it must be TCP, as TOR can not do UDP, and I
> imagine that relay nodes must be the resolvers in order to resolve
> .onion domains.  But beyond that there is no information on how it
> works.
> 
> Seems to me that the lack of DNSSEC in TOR is a gigantic security hole.
> (DNS cache poisoning)

Because DNSSEC can be themselves "gigantic security hole". Google it. It
is very questionable technology.
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

References:
- [tor-dev] DNSSEC
  - From: merc1984

Prev by Author: Re: [tor-dev] [OBORONA-SPAM] Decentralized VOIP over Tor
Next by Author: [tor-dev] problems building on osx 10.9.4
Previous by thread: Re: [tor-dev] DNSSEC
Index(es):
- Author
- Thread