Re: [tor-talk] [msmtp-users] Proxy support patch

On Tue, Oct 14, 2014 at 5:49 AM, Martin Lambers <marlam@xxxxxxxxx> wrote:
> On Tue, 14 Oct 2014 10:48:32 +0200, ilf wrote:
>> The Tor Project recommends SOCKS 4a over SOCKS 5 against DNS leaks:
>> https://www.torproject.org/docs/faq#WarningsAboutSOCKSandDNSInformationLeaks

> Yes, but only if the SOCKS5 application does DNS lookups itself, which
> we do not. What we do is basically what SOCKS4a would do.

That FAQ needs to be rewritten. It's not socks that 'leaks' what is passed
to it [1], it's the app leaking dns around the socks proxy it was told
to use (except for socks4 where that is the expected app behaviour).
Though once the app does properly pass a hostname to
socks4a or socks5, the socks server should resolve it.
Note that socks4a spec can and does handle a real IP just
like socks4, socks4a is thus not just strictly for hostnames.
Tor should not be warning about receiving an IP on its socks4a or
socks5 interface since technically it's both ok and commonplace for
users to specify only an IP as their destination. Save it for debug mode.
Tor also needs to move away from legacy mention of socks4 / socks4a
in preference to socks5. Or at least instruct to try and test socks5
configurations first... socks5 is the only one to handle ipv6.

[1] Unless your socks client lib is so crappy that it tries to
resolve namelikes itself in a leaky fashion without sending
them to the socks server.
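
The request formats discussed in this message, as an added example that is not part of the original post and is not msmtp or Tor code: it builds SOCKS5 and SOCKS4/4a CONNECT requests without resolving names locally, then classifies what the proxy would receive. The function names and the sample hosts and ports are constructed for illustration.

```python
import ipaddress
import struct

def socks5_connect(host, port):
    """SOCKS5 CONNECT request. A name goes out unresolved as ATYP 0x03."""
    try:
        ip = ipaddress.ip_address(host)
        atyp, addr = (0x01 if ip.version == 4 else 0x04), ip.packed
    except ValueError:                      # not an IP literal: pass the name through
        name = host.encode("ascii")
        atyp, addr = 0x03, bytes([len(name)]) + name
    return bytes([5, 1, 0, atyp]) + addr + struct.pack(">H", port)

def socks4a_connect(host, port, userid=b""):
    """SOCKS4/4a CONNECT request. A name uses the 0.0.0.x marker address (4a)."""
    if ":" in host:
        raise ValueError("SOCKS4/4a has no IPv6 address form")
    head = bytes([4, 1]) + struct.pack(">H", port)
    try:
        return head + ipaddress.IPv4Address(host).packed + userid + b"\x00"
    except ipaddress.AddressValueError:     # name: marker IP, then name after userid
        return (head + bytes([0, 0, 0, 1]) + userid + b"\x00"
                + host.encode("ascii") + b"\x00")

def classify(req):
    """Return (protocol, address_form, destination, port) for a CONNECT request."""
    if req[0] == 5:
        atyp = req[3]
        if atyp == 0x03:                    # length-prefixed domain name
            end = 5 + req[4]
            form, dest = "hostname", req[5:end].decode("ascii")
        elif atyp in (0x01, 0x04):          # packed IPv4 or IPv6 address
            end = 4 + (4 if atyp == 0x01 else 16)
            form, dest = "ip", str(ipaddress.ip_address(req[4:end]))
        else:
            raise ValueError("unknown ATYP")
        return "socks5", form, dest, struct.unpack(">H", req[end:end + 2])[0]
    if req[0] == 4:
        port = struct.unpack(">H", req[2:4])[0]
        ip = req[4:8]
        if ip[:3] == b"\x00\x00\x00" and ip[3] != 0:    # SOCKS4a marker address
            uid_end = req.index(b"\x00", 8)
            name = req[uid_end + 1:req.index(b"\x00", uid_end + 1)]
            return "socks4a", "hostname", name.decode("ascii"), port
        return "socks4", "ip", str(ipaddress.IPv4Address(ip)), port
    raise ValueError("not a SOCKS request")
```

An "ip" result alone does not show a leak: the request looks the same whether the user supplied the address or the application resolved a name before calling the proxy.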