On 02/08/2012 09:09 AM, Peter Palfrader wrote:
On Tue, 07 Feb 2012, Nick Mathewson wrote:
On Tue, Feb 7, 2012 at 7:33 PM, Ondrej Mikle ondrej.mikle@gmail.com wrote:
On 02/07/2012 07:18 PM, Nick Mathewson wrote:
Like Jakob, I'm wondering why there isn't any support for setting flags.
See my response to Jakob. I don't think it's worth using anything other than flags 0x110 (normal query, recursive, non-authenticated data ok) with the DO bit set. Unless there is a really good reason for other flags, they would only have the potential to leak identifying bits.
I can't think of one offhand; I had at first thought that non-recursive queries were good for something, but I'm not really sure what.
CD (checking disabled) is quite an important flag in my opinion. In fact, we should set it every time the tor client is able to validate DNSSEC itself.
Sorry, I named CD flag wrong ("unauthenticated data ok"), but it's set.
There also probably ought to be a tor made-up flag for "give me the (or one) entire cert chain from the root so I can validate this thing myself without a gazillion round trips". (If we set this we probably also leak less about what we have cached already.) That might require that we come up with a way to serialize a number of DNS replies that are the response to a single query.
I like the idea - every lookup would be single roundtrip and would not leak cache state.
It might be very tricky to do it right. There's one (incomplete) draft about serializing DNSSEC data into its own structures (https://tools.ietf.org/html/draft-agl-dane-serializechain-01). I find that using our own structures means essentially rewriting validation from scratch (which should definitely be avoided).
A naive implementation of simply putting DNS packets together and throwing them in front of libunbound to sort them out might be much less error-prone.
We should also think about error states and corner cases: what happens if the exit node does not send all needed packets? Retry? Declare it a failure?
Ondrej
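As an added illustration of two points in the thread (not code from the thread or from Tor): the fixed flag word 0x110 (RD | CD) plus the EDNS0 DO bit that the query builder below always sets, and the "naive" chain idea of concatenating whole DNS packets for libunbound, with a parser that detects a sender that did not deliver all the packets it announced. The header and OPT record layouts follow RFC 1035, RFC 3225 and RFC 4035; the chain container (a 2-byte count followed by 2-byte length-prefixed packets) is an assumed format of my own, since the thread proposes none.

```python
import struct

# DNS header flag bits (RFC 1035, RFC 4035) and the EDNS0 DO bit (RFC 3225)
FLAG_QR = 0x8000   # response
FLAG_RD = 0x0100   # recursion desired
FLAG_AD = 0x0020   # authenticated data (set by the resolver, never by us)
FLAG_CD = 0x0010   # checking disabled: return data even if the resolver's validation fails
EDNS_DO = 0x8000   # DNSSEC OK, the high bit of the OPT record's TTL field
TYPE_OPT = 41

# The flag word discussed in the thread: RD | CD == 0x110
QUERY_FLAGS = FLAG_RD | FLAG_CD


def encode_name(name):
    """Wire-encode a domain name as length-prefixed labels (no compression)."""
    name = name.rstrip(".")
    if not name:
        return b"\x00"
    return b"".join(struct.pack("B", len(l)) + l.encode("ascii") for l in name.split(".")) + b"\x00"


def build_query(name, qtype, txid, flags=QUERY_FLAGS, udp_size=4096):
    """Build a query with a fixed flag word and one EDNS0 OPT record carrying the DO bit."""
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    # OPT RR: root name, TYPE=41, CLASS=UDP payload size, TTL=ext-rcode/version/flags, RDLEN=0
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, udp_size, EDNS_DO, 0)
    return header + question + opt


def skip_name(packet, off):
    """Return the offset just past a (possibly compressed) name starting at off."""
    while True:
        if off >= len(packet):
            raise ValueError("truncated name")
        length = packet[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:   # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length


def inspect_packet(packet):
    """Parse header flags and find the EDNS0 DO bit; raise ValueError on a short packet."""
    if len(packet) < 12:
        raise ValueError("short header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", packet[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(packet, off) + 4          # QTYPE + QCLASS
    do = False
    for _ in range(an + ns + ar):
        off = skip_name(packet, off)
        if off + 10 > len(packet):
            raise ValueError("truncated record")
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", packet[off:off + 10])
        if rtype == TYPE_OPT and ttl & EDNS_DO:
            do = True
        off += 10 + rdlen
    if off > len(packet):
        raise ValueError("truncated rdata")
    return {"txid": txid, "flags": flags, "rd": bool(flags & FLAG_RD),
            "cd": bool(flags & FLAG_CD), "ad": bool(flags & FLAG_AD), "do": do}


def pack_chain(packets):
    """Assumed chain container: 2-byte packet count, then each packet with a 2-byte length."""
    return struct.pack("!H", len(packets)) + b"".join(struct.pack("!H", len(p)) + p for p in packets)


def unpack_chain(blob):
    """Split a chain into packets; raise ValueError if fewer arrived than were announced."""
    if len(blob) < 2:
        raise ValueError("missing count")
    (count,) = struct.unpack("!H", blob[:2])
    off, packets = 2, []
    for _ in range(count):
        if off + 2 > len(blob):
            raise ValueError("chain announces %d packets, got %d" % (count, len(packets)))
        (n,) = struct.unpack("!H", blob[off:off + 2])
        off += 2
        if off + n > len(blob):
            raise ValueError("packet %d truncated" % len(packets))
        packets.append(blob[off:off + n])
        off += n
    return packets


if __name__ == "__main__":
    q = build_query("example.com", 1, 0x1234)          # constructed sample query
    print(hex(inspect_packet(q)["flags"]), inspect_packet(q)["do"])
    try:
        unpack_chain(pack_chain([q, q])[:-5])          # simulate a chain cut short
    except ValueError as e:
        print("chain error:", e)
```

The point of `unpack_chain` is the error state raised in the thread: a short chain is reported as an error the caller can turn into a retry or a failure, rather than being handed to the validator as if it were complete.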