On Tue, Jul 19, 2011 at 11:08:50AM -0700, Tony Godshall wrote:
> >>> Is Tor centralized this way?
> >
> >> The Tor directory authorities are centralized, but the effect of
> >> compromising a DNS root server is probably worse than compromising a
> >> Tor directory authority.
> >
> > Right. Since Directory Protocol v2, statements made by a Directory
> > authority are believed by a Tor client "iff they were attested to by
> > more than half of the authorities", so an adversary needs to
> > compromise more than half of the Tor Directory authorities to be able
> > to lie effectively to Tor clients.
> >
> > See dir-spec-v2.txt in the torspec Git repository¹ for details.
> > The "0.1. History" section of the (WIP) dir-spec.txt is a nice
> > introduction to how such matters are dealt with by Tor.
> >
> > 1. git://git.torproject.org/torspec.git
> >
> > Bye,
>
> Thanks
>
> Is there any reason why Tor-based DNS should not be the default for
> the freedombox?

DNS torification (using the DNSPort Tor option) actually only supports A
requests, meaning if the FreedomBox is set up to be a mail server, it can't
work properly (at least MX DNS requests can't be resolved that way). But
there are ways to configure a system so that it can use Tor for the A
queries, and plain DNS for the rest. Maybe that should be an option chosen
by the user?

> The arguments in favor would seem to be that it
>
> - is well tested
>
> - bypasses DNS manipulation by an ISP or adversary capable of
>   compromising less than half of Tor
>
> - makes DNS lookups encrypted
>
> It does not, however, keep an adversary from logging connections by
> actual IP address (except for those that go through the high-latency
> Tor hidden service mechanism of course)
>
> Tony
>
> _______________________________________________
> Freedombox-discuss mailing list
> Freedombox-discuss@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss