On Sat, Aug 30, 2014 at 04:35:27PM -0700, [email protected] wrote: > > Does anyone know why TOR does not use DNSSEC? The only documentation I > found on the TORProject website for DNS does not actually explain how > DNS works on TOR. I infer it must be TCP, as TOR can not do UDP, and I > imagine that relay nodes must be the resolvers in order to resolve > .onion domains. But beyond that there is no information on how it > works. > > Seems to me that the lack of DNSSEC in TOR is a gigantic security hole. > (DNS cache poisoning)
Because DNSSEC can be themselves "gigantic security hole". Google it. It is very questionable technology. _______________________________________________ tor-dev mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
