[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Tor resolver DNSSEC RRs

Are there any plans to add support for the DNSSEC related RR types to
the DNS resolver built into Tor? Ie, DNSKEY, RRSIG, DS, NSEC and NSEC3?
If not, I think it would be a good thing to add, now the root zone and
major top level zones have been signed, browsers are starting to
experiment with using DNSSEC signed certificates.

If the SSHFP RR type is added too, people who use OpenSSH with the
VerifyHostKeyDNS option can benefit from public key verification when
SSH'ing into a box for the first time, over Tor.

Whilst I'm here, I may as well request MX and AAAA support too I guess.
MX for people who want to run mailservers from inside Tor. You could
argue against AAAA support because Tor doesn't support IPv6 yet, but I'm
just asking for it for completeness more than anything.

Mike Cardwell https://grepular.com/  https://twitter.com/mickeyc
Professional  http://cardwellit.com/ http://linkedin.com/in/mikecardwell
PGP.mit.edu   0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F

Attachment: signature.asc
Description: OpenPGP digital signature

tor-talk mailing list