[tor-dev] DNSSEC
Lunar
lunar at torproject.org
Sat Aug 30 23:40:46 UTC 2014
merc1984 at f-m.fm:
>
> Does anyone know why TOR does not use DNSSEC? The only documentation I
> found on the TORProject website for DNS does not actually explain how
> DNS works on TOR. I infer it must be TCP, as TOR can not do UDP, and I
> imagine that relay nodes must be the resolvers in order to resolve
> .onion domains. But beyond that there is no information on how it
> works.
>
> Seems to me that the lack of DNSSEC in TOR is a gigantic security hole.
> (DNS cache poisoning)
See proposal 219 for the status of current efforts:
https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/219-expanded-dns.txt
Please contribute if you can!
--
Lunar <lunar at torproject.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20140830/81a128d9/attachment.sig>
More information about the tor-dev
mailing list