[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor resolver DNSSEC RRs

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Tor resolver DNSSEC RRs
From: Jacob Appelbaum <jacob@xxxxxxxxxxxxx>
Date: Tue, 29 Nov 2011 12:13:26 -0800
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 29 Nov 2011 15:13:47 -0500
In-reply-to: <CAMfhd9XomrKMwWRJX=+qWbz9WQ+DnepWEL31ngEDwidNft-mmg@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Openpgp: id=42DDE84F; url=http://www.appelbaum.net/gpg.asc
References: <4ED4BCB6.7060504@xxxxxxxxxxxxxxxxxx> <CAMfhd9XomrKMwWRJX=+qWbz9WQ+DnepWEL31ngEDwidNft-mmg@xxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: mutt

On 11/29/2011 06:35 AM, Adam Langley wrote:
> On Tue, Nov 29, 2011 at 6:06 AM,  <tor@xxxxxxxxxxxxxxxxxx> wrote:
>> If the SSHFP RR type is added too, people who use OpenSSH with the
>> VerifyHostKeyDNS option can benefit from public key verification when
>> SSH'ing into a box for the first time, over Tor.
> 
> (It's important to note that OpenSSH trusts the AD bit in the DNS
> reply. So, using it with Tor's DNS resolver assumes that Tor acts as a
> full, validating, DNSSEC resolver. It would likely be more expeditious
> to figure out a way have Unbound forward over Tor.)
> 

That's something that I've started to work on with letoams and there's a
bit of progress here:

https://gitweb.torproject.org/ioerror/ttdnsd.git/blob/665a534df8394d221f07a9155eee6211ddc33f1c:/misc/README.unbound
https://gitweb.torproject.org/ioerror/ttdnsd.git/commit/14c806d5ec0d6a171532c84c5e0fdbe7974e3f20

All the best,
Jake
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- [tor-talk] Tor resolver DNSSEC RRs
  - From: tor
- Re: [tor-talk] Tor resolver DNSSEC RRs
  - From: Adam Langley

Prev by Author: Re: [tor-talk] Tor no longer works with win2K ??
Next by Author: [tor-talk] Using TBB with system tor-user
Previous by thread: Re: [tor-talk] Tor resolver DNSSEC RRs
Next by thread: [tor-talk] copying old profile to new Aurora not working
Index(es):
- Author
- Thread