
Re: [tor-dev] DNS resolution isolation in Tor Browser



> On 15 Jun 2018, at 02:22, nusenu <nusenu-lists@xxxxxxxxxx> wrote:
> 
> Hi,
> 
> I haven't been able to answer this question by looking into the Tor Browser design document,
> maybe you have an answer:
> 
> imagine you have two tabs in Tor Browser:
> 
> 1: torproject.org (circuit A)
>  embeds some youtube.com content
> 
> 2: google.com  (circuit B)
>  embeds some youtube.com content
> 
> it will route the TCP connection via two distinct circuits (A and B) as described in the design 
> document [1]
> 
> 
> Will DNS resolution be isolated using the same logic?

Tor Browser does not perform DNS resolution.

Instead, Tor Browser uses SOCKS to send DNS names directly to Tor as part of
the SOCKS TCP connection request.

Tor sends the DNS name to the exit as part of the stream request.

The exit resolves the DNS name, then opens the TCP connection to the exit.

So DNS and TCP connections have exactly the same isolation, because there is
no separate DNS resolution step in the browser or on the Tor client.

T
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev