On 02/01/2012 10:01 AM, Jacob Appelbaum wrote:
> That sounds good. I'll wait for the first draft and send feedback.
First draft is ready here:
https://github.com/hiviah/torspec/blob/master/proposals/ideas/xxx-dns-dnssec...
Hopefully I reflected all the main points made in the DNS threads. There are a few TODOs where I couldn't decide what the best course of action would be (usually options are listed).
I tried to keep Tor as "DNS/DNSSEC-agnostic" as possible. There exists a combination of answers to the TODOs such that Tor won't have to touch the DNSSEC part, except for calling ub_resolve ;-) And the DNS packet itself would be touched only in the DNSPort/SOCKS part (but still no fiddling with the DNSSEC part).
Ondrej