[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Should new exit relays be probed for public DNS resolvers

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] Should new exit relays be probed for public DNS resolvers
From: Iain Learmonth <irl@xxxxxxxxxxxxxx>
Date: Thu, 5 Mar 2020 14:36:45 +0000
Autocrypt: addr=irl@xxxxxxxxxxxxxx; prefer-encrypt=mutual; keydata= mQINBFZp8zEBEACxOYriD+tEuc3Wpnbh+GGnyiaLEMABBrfn6JlDQphbBq/YTz9M9OPkttjx hLL/yrxlM1nD69XbGKQ9gIL3LEgOz9+OdivPbN+Q5iNMqk/WCQUqd3bCFbbsn1yvoTumFy9S 9kYX45Db3jRJoN/Nye6Stf7KKPxHxot14iY+PUR/5Gx5KbeWVKfDtQejGnhxQD73KjrX4wds BAaxnQ7KbjQyUf+IxE+8qSDcyTP+pPqxspVzx+eFqsW5+kK1eJMHxJmY/KsAs6IsGf5lvyDJ JECc2iE0mFS6vc14lGcD7BAYMPRnvlK3OcDlbdJS3ZU0LQu3/AplM7cNcesq2Btm06OUTsbj 10ZiyLi7Q0WZRuUbn7t3jOQVyOlNfjUpJhKPMMobBL2R0KzcptJbUrKc08wZD/TPaXuHKWAE JuA6kFMXtHhV8Qhxz5/d2KUA8ex+zpVd2xSR6q4llcYu1w8zHZtLN+YKSmjjKs+AjiTrCMYs OYxt4cwxuaIIhBNvCC9WqZOxHX7YHmpVcSV6K9Wwhk9mVIU3Ii0G2HWs6OQ0vIueCDGMEdVk ig/a7cVlfXNz7WuaXuhOJmHz6d6Yk4dFn5mLbEY9cZhBxf5hjCwtp9b6v+ueuptfcnOd+38G 9KH6NyHKZyS4jcd3E6Dp0+9Isbl/EohjPCujevoW3/DlT08OKQARAQABtDRJYWluIFIuIExl YXJtb250aCAoVG9yIFByb2plY3QpIDxpcmxAdG9ycHJvamVjdC5vcmc+iQJUBBMBCgA+AhsD BQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAFiEEqPe6UEHhMzOcuhaWdtWAk/VAq80FAl5b2BoF CQi3pekACgkQdtWAk/VAq80lWA//Zn4lImfFJwsXUkbb6BgVo0/u262kaY77EWanF140PH8R AuApF5LwZ3FUu3UkrCzFKzCg2SFho5mF2lZoMP+gfGDbY+9m6SC2OT9N+LrOSE1OATQA16Kv SJ3vFol/O2EUcV47Tn/4aLasOBy4iasndZgDKLWYNKXlunNA+eOK/qhU1qh+tAuRaO+ZucLy z0GsrumhmsA7MQ4+P4MVomXarIlPMIbynbz3AbaterpN9rmmCW+JURafNos8kLwH1mV6qqKu 8LOV5dlrQFV/pzFocCrqBundgdWxKN7CFoHTVUVSKJxVFvTD5v9dfhiX8zmW/zBa0QmNXZBw tegkgK0gv1SbSOWJ/0Q+w8+Sg2D11+NKc4tB164zytqDS2+cTpjfb1l8LUZ/bKhT4IVAEvd6 tQra42vU0jx2pcPr2kN7sQSZamE9aE38zRtMaXHcTEr+XfwEcIiPoqe47leqhpubCbhAc+oT iCuL/AWqYtMIKQhv9okHpS7Mc3gGOq+5wajR/VN030+xEwfByaxDNvcT+GFaLTvrfUd9qgll dKgZpNSk9c5jYAUU+6/qPdplJP9dZ3DeLRqfAiMGYYoCBChxgcGq+RFnIQW6LOhOvCuRT4k3 RV/6FcIwieTtGc70LR91q5CS891FebVgzPYShuVGpwN/gxF5IrzuhNWqLMw1GKW5Ag0EWmt/ jQEQANhwgR5fq1Slk0T0Sh7Tkc5LjanQH1VuNTxOE7wzcYXrgva2ic4zdhLc2QHP9G4kz0AY /oLxtw5Sj/IMtdzBHKDBXgiqBmvkrz7mOZSQQh6K/JBcKau4MorzB80Z/Z6XQcfFKQh61+8e Im/I7AnJFUELxDe8CYmkJYKVJS9b+i9RNFvXAsamOkClcyXqPYBB9bBI8QlZHweTWDsXJqul xjHLjCWOQyJxfl9xFmlSJtskrLEmprw/PaOtXglrz/2vadn2lL3ack9V1ux9ALa5q8Oc6dnx vA/W3palFpdBoz75FckhRfliYNfdCpgo86w00bJvbJ1f6XfBIBYvsAvrIRWIkMYEmhTYm4xG gEDWz5CvGuuzkF7kJwfPdj1RgVe80JHr9OJc8ZrafBb/p35ldLxmhDi16j2VOj58CKwpi3En nMOMPteDxmCZrWeYKhfwgVAP4/zc4+9vmTp5Wpze00DnQ9MEinmJ2bxf6TyQP36Bf/8zgJVs rpqMOaumbwwmcUh85Q1PXneVWX2ryEv1I7xVMpW4APZDeOMiiHb+EpXPLTPBvXTerd/Pwzb7 WLKNpZI4tl/vh88INdrs3xZd174skDJNaNSnqzUP2kNYcxWZSH/FP4AH1IXvIxwIr9g0RpvY oX55ALOSQOdZ9ioCjf9x9mvnBsehcoEPrgozljzpABEBAAGJBHIEGAEKACYCGwIWIQSo97pQ QeEzM5y6FpZ21YCT9UCrzQUCXlvYCQUJBLYZcAJAwXQgBBkBCgAdFiEE/ps4MHN0fw3t6Aud F4mIfdjVvF0FAlprf40ACgkQF4mIfdjVvF0NJBAAuAVw1aY3IUtp8ZRI5xuhieVFDbye7z86 gP5KW8cAMKTpuowD7E3Rm31R2Pb5dX+vZlunSTBPuzRVnVNd6Kj7CR8BR426L48ogSUfIh4V IWiYxXn4DqqNGow+saPI8VwJ/y80NSb2v+qUdv7us052vs9UBBnI/zl8XrnUNix+B0g+jekT ENEVD9fNJ+9YE9cn80wLGKBx047id1IqgOeJShjE13WRj7sa+LhB8FtoOUeXduQ1sJBZTVJq XW9v0e2PNc37cc8VATrA+3HNSQJY1PETDxjJ1TW8gALpZQrfR+FDu/d2vALdULw/djCeIpl0 dr79isd6mINBKTkEcR8XPQjDUnrnO1U18YETo71N5Z6HpvaV5/XWLUl81wovddpVRvwbwuFP bJE506UiQJrthPKi6s670VBV6u5I+5+h6D+CHp1xp0Bq8PLz0EwqjZwOiLAByBT/ryD2ZY8+ 2rP9gphnEBcCtyp6Fz6Q0KyutpCPv94b4OU0eUTvl3Nroq2GWGGHAV+8r1uXpqdNSHxYmQgy b3H1dvObmE37L3BWrVNzeFb0USNiV04up/55QUrqrz7kLdBO0ZVMVLU3j7e48KcbJG2yzNHZ dnQa+ZMMIRFtm8vzSt+jEIwodi6nOeBgEiqODF8TZPbTc6183ErFoYc/FuhkUh0aR0MLZ92Q bPEJEHbVgJP1QKvNlA8QAJFV0LsPsmWqzQ/5aN4iw4HuS205fG0cV9TMjVzVhsBOTOFR8jtT I74vuO5bPNE/2tvrcsaaXh3W3IrkzoRNlRecRg8ZkxlAlICEkMbG09aZUtY5lao5YDNjxULM 9L5pLOji5NcHdnG0RcDc6G1fNlogTLWslVhXXbfp0WhdGWM3ajnGgTCg8THoN8LkzCzld+7V 1sw13wyuEffmpjA0wPlV7sXhbgO7XpbmCruPxNBrIfh42CLoHMWHpjAiDcMvcHKfdrjIGmRd SIqcdCz1PjwZZqx/lcyv3AddMBJglcabgAVHCayWzw05o4ZeVJ2Uiq5JOErpwCjU/hKsIhj2 J96D/aT1Vkp5LpgAmJA35TAa7BWbOw+CHwud74xulenQMz7PC/XoSMKKxueWX89AJmTPAS6H t1Vi5a+zQh2IsKbL54cB0mndYMlVpNzn2p71wcKADDq+9C2AlVeiKqU4/mkRGm2dGOBUlDb/ fLViuvCA/Of5hK4/MvpikLe5brfdrXQy80H7EDuU52rfrUx++xYHH//Xl/KPHU0bw5Ul8QZ0 CDTpI3n/DqdakCX2vQg+rddXsrgmr68rY3sUnakqbzHLH5v5xBzsYwqpZL/nzZ6gWuOXduiG D+ZWGIMBldNqImx4bLjfPsXR9agWOC1Zp24FDCOzc/N15qU2+hQDAmviuQINBFprf6sBEADO ANf22so7uoGcvok2TM/T8BHI5+TqHEc4hVe+JGGJ1ZnWlgtGmpOs0fOQj3WAgGI0ZmTqMuoz KF/K9ljbjaMXsLD+JIBTD4rINy60VX2zHhmWhNaOcJvq+wbuHx0tMbhqsTStGnSkvRhH61nc MqVqlTTTLVQQSxKl9D2l7ZGwEPLHRFlydTOOix+F+Y1ehxYLVaPkaycs8wvgjYsDLo3T8Tmu OL+rcEfvxJ6lT2V5I51xqievqoBazAfXvA8FW/0G+Z9LUJmViOVluWg3xjP8okKYgOkOeX00 vMBCVaiEA08oaxY0ebS7uBEgppjWSwn+WAhB+6spd67d4W+DmAnM262lxFMhVYhXpfeV9zyg ULQOofdE6xtFkaxr/y8xQ4Bf7zX8ko6X9aFQFB/vc+zUtjzjg4VaQvWrThjaHlbEKR55MDxJ u2T9S7g5bR4zxZNv36gwlIdmx33a1AeR1nGcWa/7OtoS53+lUwyFVWLOnucqKh71Y38AAMd5 L9Fsb+ArQem71knEUTC+HvBGkPb2Y2PzGnnzhZyC8zgE8AjVD0wB+RMDNI3+fIW6biKAHDqr S6ZCVkzJ1R9nOjXMHRYZ5qlG+rCOeu6Jp4yNwp46z4PqiiLJ9NtmdNttLCEn5PDVF3g9g811 JcadvFVH1ZELoDGWMg3Q+QOHQBFYj7cj2QARAQABiQI8BBgBCgAmAhsMFiEEqPe6UEHhMzOc uhaWdtWAk/VAq80FAl5b2AkFCQS2GVIACgkQdtWAk/VAq81Pmg//X16/rzy+xbcupMOrTuEh m9w9/3nL/GtL2e46g7QP3HDFXfhILHIIbUgcP6T+RJDsXuMSrcazyAfQNq7skqFcSwR/BD9E 7RwWQ1kFc4q0vGT7FH76xEAzqEK9rENSKiS9cETFBLCiClhUTeLP9tXNy9hzXnWlv5z6ThwX /1WRtqv5uo9OLf94ayjUh2d6g/4U5Z/uFRBJMpBukRID1NOSyHbLbXcw6LajDJyKlHhD2T8v 4DY7lQJ677YkJt8adETf5zJ/W+vyT1a8bydRSFsoIomSc5xMbRwShQMvOAJGJaUmTM4hMINI ZnmnrULsedxci12B8P72C5XhaOIch+z3AMH6/7nPWAV7pptzKadQ2yEL4EK1TKwrn5OEtVLC rY8z2p8yklCLiiKX5sXJWZaZtWWOw0jVo9S62PCnkbTVc9v3WJU89KmyMOZ/br302F+PP7eJ pqe3WfZ2phZBNs5qpq79hkWPe17xhcE/yJJdVgBKTvZ0C4zb24wfFWowAP+s4bpyxRfeNtTs 24vuv5SDF3Zo7yY1Wj5xRJvwBRD/9ORgPKAyY0vqv+C3irkyvCcE6pqQLu2LejzlJ/3HUP3z Ey2MFl9r4heZPYRvRA/k1Kg1ysjlr84IpFbXZftrp8ZDTJ+Vh3IO4+GgnELTTdlSS+VYpqxS CVR5fb0Vu0rKyOs=
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 05 Mar 2020 09:37:03 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=+Yr914 dQ9X8VOQQMIAgnfv2/DBcrgOPiychLLeO62+M=; b=X8SDS+EVlHfoABQokEH5MS E6U+EJ/v1AG1/RPX/mT1hD42BW0FbRMkttNNR+uBNeyUxU3FYZFoOTlWAc/6nTTJ f2FZZfBWy0RFvdBvXJXrukQnDCKMC9XOcjU9Ztvx7CvuZm/KjL8WAMAvSykuxkNd xALzmPkOdsH3dTdFSXYycAuCImUdDzUsUTvkwMrTroj/0lgpl5UJSO+WB9yDBYIR Tzprpz+atlN5ekCYKG+ipEusSsvqNi6xzuKxGC3ypHL/ru6N1ycQTldsXghwzZBb kEH6DodWHix7zewGYwhkaMrHs+thz5uQopYjal/uj5Yz9QnWKoO747P6EMFACE3w ==
In-reply-to: <RbqpYH3VgCVU00Zg4Zv3Xo__zV_9iuFbLrUWNP4uaxnSEJHBfGrwOo7NB39LP9ypspSsv-eBgOHeWj4sZlIxOc5fjnKQ3fecr28T77Y-VpA=@protonmail.com>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
Organization: Tor Project
References: <mET1tfPxpY3WYWFVOVAAshDFS-7l2xEcuyRyXmfCQ7lTFWo1oNQIZJHZxjn8pvNSFJA_zk61S5X0vqU8iDdTtHlsYYhCwD8KNUHcmO0p-5Y=@protonmail.com> <CAFWeb9Lz5iN3jWy4Hz+gWAABBd21chREo-UuRqU79aOjRZTTHQ@mail.gmail.com> <RbqpYH3VgCVU00Zg4Zv3Xo__zV_9iuFbLrUWNP4uaxnSEJHBfGrwOo7NB39LP9ypspSsv-eBgOHeWj4sZlIxOc5fjnKQ3fecr28T77Y-VpA=@protonmail.com>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.5.0

Hi,

On 05/03/2020 14:20, Nathaniel Suchy wrote:
> It’s not a threat model issue.

Who gets to see Tor users DNS requests is exactly a threat model issue.

> It’s more of a let’s make Tor less
> dependent on a few public resolvers. Running our own resolvers just
> makes more sense at such a scale.

Availability of DNS lookups to Tor clients is a threat model issue.

Thanks,
Iain.

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] Should new exit relays be probed for public DNS resolvers
  - From: Alec Muffett

References:
- [tor-relays] Should new exit relays be probed for public DNS resolvers
  - From: Nathaniel Suchy
- Re: [tor-relays] Should new exit relays be probed for public DNS resolvers
  - From: Alec Muffett
- Re: [tor-relays] Should new exit relays be probed for public DNS resolvers
  - From: Nathaniel Suchy

Prev by Author: Re: [tor-relays] website support
Next by Author: Re: [tor-relays] playing around with relay flags?
Previous by thread: Re: [tor-relays] Should new exit relays be probed for public DNS resolvers
Next by thread: Re: [tor-relays] Should new exit relays be probed for public DNS resolvers
Index(es):
- Author
- Thread