Yes, signed is what I meant. I will update the document. ------------------------------
Any statements contained in this email are personal to the author and are not necessarily the statements of the company unless specifically stated. AS207960 Cyfyngedig, having a registered office at 13 Pen-y-lan Terrace, Caerdydd, Cymru, CF23 9EU, trading as Glauca Digital, is a company registered in Wales under № 12417574 https://find-and-update.company-information.service.gov.uk/company/12417574. ICO register №: ZA782876 https://ico.org.uk/ESDWebPages/Entry/ZA782876. UK VAT №: GB378323867. EU VAT №: EU372013983. Turkish VAT №: 0861333524. South Korean VAT №: 522-80-03080. Glauca Digital and the Glauca logo are registered trademarks in the UK, under № UK00003718474 and № UK00003718468, respectively.
On Thu, 27 Apr 2023 at 13:54, Ian Goldberg iang@uwaterloo.ca wrote:
On Tue, Apr 25, 2023 at 01:02:28PM +0100, Q Misell via tor-dev wrote:
Security Considerations: The second layer descriptor is encrypted and MACed in a way that only
a party
with access to the secret key of the hidden service could manipulate
what is
published there. Therefore, Tor CAA records have at least the same
security as
those in the DNS secured by DNSSEC.
Did you mean "signed"? If it's just encrypted and MACed, then anyone who can decrypt and check the MAC can also alter the contents, of course. _______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://e.as207960.net/w4bdyj/Clnj1LKF