Re: [tor-dev] DNS resolution isolation in Tor Browser

Subject: Re: [tor-dev] DNS resolution isolation in Tor Browser

Date: Fri, 15 Jun 2018 11:58:15 +1000

Delivery-date: Thu, 14 Jun 2018 21:58:33 -0400

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:content-transfer-encoding:mime-version:date:subject:message-id :references:in-reply-to:to; bh=X5HZIi+8wqm2pdDN2yt5xJqDNxgKNqcgJoLnF0ZR/gE=; b=GtTESgmxP12xkqZrW9PyZOt0heBDWOPKwuYjrYKLBz83VrMyNIt81XrunCRJrq1Y0K zek/E9OIk+JAyu0tES38T47R+2S7E5w3djZcOa9Ad8mII4+xsYT2VGpjgAO3CM5ISV8u x97JlPiJfFfp8EJJN/4EYQaqwxs4CzO1Ul7lRYchjnqdFz7Oq3iK5p+PIa4+MrUOIq4g zqprSLYQ0zbzS+kVV9R2H/qeeRoiBN4fc5bchdIFUsHI+FVPI4V13ae+Yz2ResRQShva EyhO5YvNT9plg5hfjBoVKotLIXLDHD54favto+pwqYbYXAVQuzT4PFezZ5J7YG5vrUq+ thGw==

In-reply-to: <6971f87f-3311-f0cd-d48d-9e92965e2b73@riseup.net>

List-archive: <http://lists.torproject.org/pipermail/tor-dev/>

List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>

List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>

List-post: <mailto:tor-dev@lists.torproject.org>

List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>

List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>

References: <fde0fefe-e36c-efd4-1886-1ff9e3853c6b@riseup.net> <6971f87f-3311-f0cd-d48d-9e92965e2b73@riseup.net>

Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx

Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

On 15 Jun 2018, at 09:16, nusenu <nusenu-lists@xxxxxxxxxx> wrote:

Thanks for the replies.

Does tor simply assume (try) that the exit policy allows the destination
address (not the port) or does it check the exit policy before selecting
the circuit?
(in that case it would have to know the destination IP
before building or at least selecting the circuit to use)

Most tor clients use microdescriptors, which only contain a port summary:

https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt#n1494

Clients check the port, and assume that the DNS name will resolve to an IPv4

address allowed by the exit.

_______________________________________________ tor-dev mailing list tor-dev@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev