[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #14424 [Tor]: Connecting by Hostname

Subject: Re: [tor-bugs] #14424 [Tor]: Connecting by Hostname
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Fri, 01 Jan 2016 14:14:40 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 01 Jan 2016 09:14:53 -0500
In-reply-to: <046.57d2e794d3385352e228335ab08cea49@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <046.57d2e794d3385352e228335ab08cea49@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#14424: Connecting by Hostname
-------------------------+-------------------------------------
 Reporter:  Kyuske       |          Owner:  tbb-team
     Type:  enhancement  |         Status:  new
 Priority:  Medium       |      Milestone:  Tor: very long term
Component:  Tor          |        Version:
 Severity:  Normal       |     Resolution:
 Keywords:               |  Actual Points:
Parent ID:               |         Points:
  Sponsor:               |
-------------------------+-------------------------------------
Changes (by teor):

 * priority:  High => Medium
 * component:  Tor Browser => Tor
 * milestone:   => Tor: very long term


Comment:

 This is a core tor feature request.

 It could be implemented by extending ReachableAddresses to resolve DNS
 names when parsing the policy.

 But there are a few issues with this:
 * DNS resultion results change, we would have to periodically refresh the
 policy;
   * do we do this based on record TTL?
   * what if DNS fails? temporarily? permanently?
   * this has caused us other issues in the past
 * DNS names can resolve to multiple IP addresses depending on time and
 location and various other factors, how can we know we have them all?
 * tor tries very hard not to depend on DNS because it can be a weak link -
 it's not authenticated,
 * leaking the sites users are prepared to access via DNS queries could
 identify the user, or make those sites the target of attacks.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14424#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #13160 [meek]: make a deb of meek and get into Debian
Next by Author: Re: [tor-bugs] #14883 [Orbot]: Orbot handshake fails on networks with Blue Coat Systems' technology
Previous by thread: Re: [tor-bugs] #13160 [meek]: make a deb of meek and get into Debian
Next by thread: Re: [tor-bugs] #14883 [Orbot]: Orbot handshake fails on networks with Blue Coat Systems' technology
Index(es):
- Author
- Thread