[tor-dev] New Proposal - CAA Extensions for the Tor Rendezvous Specification
Ian Goldberg
iang at uwaterloo.ca
Thu Apr 27 12:54:31 UTC 2023
On Tue, Apr 25, 2023 at 01:02:28PM +0100, Q Misell via tor-dev wrote:
> Security Considerations:
> The second layer descriptor is encrypted and MACed in a way that only a party
> with access to the secret key of the hidden service could manipulate what is
> published there. Therefore, Tor CAA records have at least the same security as
> those in the DNS secured by DNSSEC.
Did you mean "signed"? If it's just encrypted and MACed, then anyone who
can decrypt and check the MAC can also alter the contents, of course.
More information about the tor-dev
mailing list