On Mon, Sep 1, 2014, at 10:19, Артур Истомин wrote:
> On Mon, Sep 01, 2014 at 04:33:34PM +0000, David Stainton wrote:
> > Dear merc1984@f-m.fm,
> > Is DNSSEC not evil? To me it seems like the 1984 of domain name systems... Please take a good look at the political implications of DNSSEC. I personally do not understand why this Tor Project spec includes mention of DNSSEC: https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/219-expanded-...
> > Can we use djb's DNSCurve instead of DNSSEC? Perhaps I misunderstand the situation and the difference between DNSCurve and DNSSEC. Perhaps "ZOMG someone is wrong on the Internet!" will spark someone else's interest in correcting me here in this discussion. I personally think that people mentioning DNSSEC on tor communications channels must either have an agenda to help the US government gain more control of the Internet... or they must be trolls. But maybe I am totally wrong about this. I'd be interested in hearing a correction if I am wrong... and does this mean the DJB is also wrong? =-) https://en.wikipedia.org/wiki/DNSCurve
>
> Yeah, he is a troll and/or an NSA agent :) He's already got the answer exactly the same as yours, from two people from tor-talk:
> https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/219-expanded-...
> 2. DNSSEC is suck, not security technology.
> To merc1984@f-m.fm: is it an act of sabotage? Stop it or I will come for you! ;)

Lol, first of all Copernicus, I have made no posts in that stackexchange thread. I do have the same concern though, as it is legitimate. Second, I believe all the answers there are wrong because an exit node could not resolve .onion addresses by the time a query gets there.
I suspect that TOR DNS is TCP, and that relays can also resolve. But then, so far it seems that no one actually knows.
To those whose skirts I've blown up about DNSSEC, you must not understand that what we have now is very susceptible to DNS Cache Poisoning. This is a serious problem. And if you don't take this seriously, either you clearly do not understand the problem, or you are not telling us why it is not a problem.
IDC if the solution is DNSSEC, DNSCurve, or Waltzing with DNS, but I say this is a serious problem that must be addressed.
Yeah, I'm an NSA agent, trying to tell you about a serious problem with TOR which you are too stupid to see. pfff Gourd-head and come after me, lol.