-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Daniel Achleitner: > Hi everyone, > > I'm a Software Engineering master's student at TU Wien, Austria, > with a recent focus on computer security and privacy issues. I am > interested in participating in GSoC 2017, particularily in the > task to support all kinds of DNS queries via Tor [1]. > > I've seen the mailing list discussions of 2012 and read the > resulting proposition 219 [2]. What do you think, which parts of > it (if any) would need to be adapted for DNS in 2017? My current > impression is that not much has changed, particularily regarding > DNSSEC support and deployment. > > As of now, the proposal looks fairly complete with few questions > remaining, the biggest research task being how to utilize > libunbound for query/response parsing and construction. > Implementing the RELAY DNS cells then seems fairly > straightforward. Unit/integration tests and some fuzzing would be a > good idea. The problem of reducing DNSSEC roundtrips > (serialization) to be investigated in a later phase, I would say. > > Is a separate AXFR tool still something that is desired? I have no > experience with zone transfers -- can't the existing tooling just > be used over a normal TCP conn through Tor? > > This project idea would make a good match to my thesis in > progress, for which I am researching and evaluating > privacy-improving DNS tools in the context of Tor (DNSCrypt, > DNS-over-TLS) [3], inspired by the awesome paper on DNS correlation > [4]. For example, I recently built a SOCKS-to-SOCKS translator > which allows to resolve hostnames using a resolver of choice, e.g. > using DNSCrypt with TBB. > > Looking forward to hearing your thoughts, concerns and opinions! > > Best regards, Daniel > > IRC handle on OFTC: idealchain
(Thinking out loud.) It would be interesting to have some kind of algorithm agility here. For example, a Tor client could send a request for a Namecoin domain name, and the exit relay would return a Namecoin merkle proof in the same way that it would return a DNSSEC signature if were a DNS doman name. Cheers, - -- - -Jeremy Rand Lead Application Engineer at Namecoin Mobile email: jeremyrandmob...@airmail.cc Mobile PGP: 2158 0643 C13B B40F B0FD 5854 B007 A32D AB44 3D9C Send non-security-critical things to my Mobile with PGP. Please don't send me unencrypted messages. My business email jer...@veclabs.net is having technical issues at the moment. -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJY4G6EAAoJELPy0WV4bWVw2UMQAKEbpa5u0zHHHAYrZS5huMcM LsCmd5o1q5fQXzVyncWiYVasYUUQHcMp7SygqLJK6mCNgvDgytYGQ6S9qbt/xnqO aPxIBBM0zYEnmn2QMg35AxjV8P9uc0TuAHpfA03shlD8adgRqSsUocYjeI2fa0P4 ZxggtLhPXrk3CHJqfKL1gwr/+fSFTS7MrXc9HnnmwCUaB3h+5tggMjEXeQxjsfES mdgL/Y9ecQD+k+dxtuWoTFrqoOLE1Asa8Ve1dGo4hUSyD6MkPKnjj2wQKAditj+w zXB1ETd0ZQEKX/mguZXff9596AJklDRsU+HTKplNJsyh/nkqpL05PKeaaQerSynf 5bgc2Z4U4eHenMvnh4QGq+Ce9xuS+8moSfU218GLilJz1jz2K5P9YxLG2KFl3Bhu O99merBZbBxgGpism/C/Ae9GgtH20pvgKeN/rgy+80DbowF5e+m+9qH/DXoKArIu +u1LYHM4dT02VHONy2y31RS8maWebsm6tWQ4ciit2vRg2dukzzDmQQt/Wj6L2pal 4o24cp6CsIU/kifb/gEYYE5id4mbr1u580jXFvMeTrWRMvRp1o6uxFaaV4GtY1OG VTCuQuuuEXysA8I0+SYpVnAyM6zoq/mJkZGhl/doRgMdn7RA5XEJHrxsE5z8PYTE vl/kcBsLKuO6EKxJ8TAt =Ctku -----END PGP SIGNATURE----- _______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev