[or-cvs] More DNS fixes. Send meaningful TTLs back to the client when

Nick Mathewson nickm at seul.org
Sat Jun 3 21:41:16 UTC 2006


Update of /home/or/cvsroot/tor/doc
In directory moria:/tmp/cvs-serv30284/doc

Modified Files:
	tor-spec.txt 
Log Message:
More DNS fixes.  Send meaningful TTLs back to the client when
possible.  Cache at the server side independently from the TTL, to
prevent attackers from probing the server to see who has been asking
for what hostnames.  (Hi, Dan Kaminski!)

Also, clean some whitespace.



Index: tor-spec.txt
===================================================================
RCS file: /home/or/cvsroot/tor/doc/tor-spec.txt,v
retrieving revision 1.115
retrieving revision 1.116
diff -u -p -d -r1.115 -r1.116
--- tor-spec.txt	9 Feb 2006 03:44:49 -0000	1.115
+++ tor-spec.txt	3 Jun 2006 21:41:14 -0000	1.116
@@ -571,7 +571,12 @@ when do we rotate which keys (tls, link,
        The IPv6 address to which the connection was made [16 octets]
        A number of seconds (TTL) for which the address may be cached [4 octets]
    [XXXX Versions of Tor before 0.1.1.6 ignore and do not generate the TTL
-   field.  No version of Tor currently generates the IPv6 format.]
+   field.  No version of Tor currently generates the IPv6 format.
+
+   Tor servers before 0.1.2.0 set the TTL field to a fixed value.  Later
+   versions set the TTL to the last value seen from a DNS server, and expire
+   their own cached entries after a fixed interval.  This prevents certain
+   attacks.]
 
    The OP waits for a RELAY_CONNECTED cell before sending any data.
    Once a connection has been established, the OP and exit node



More information about the tor-commits mailing list