* on the Fri, Oct 03, 2014 at 02:10:34AM +0200, [email protected] wrote: > Unfortunately I couldent download the DNSSEC > (mf-dnssec-tlsa-validator-2.2.0.1-macosx.xpi) for my Tor-browser. > > Please see attached the Error print screen.
I see no attachment. I'm guessing the list processor stripped it? > How can I use Dane in the future? I don't think this addon will work with the Tor Browser. It will leak DNS requests outside of Tor removing your anonymity. The Tor daemon presents a socks proxy interface which is what the Tor Browser (modified Firefox) connects to when it wants to visit a site. The Tor Browser says to the Tor daemon, "Connect me to www.example.com", and then the Tor daemon performs onion routing to pass that request on to an Exit node, which then uses DNS to decide what IP to connect to and proxies your connection to it. There are no DNS lookups involved on the client side in this setup. When you introduce the DNSSEC validator addon, it performs DNS lookups on the client side, and I'm guessing it doesn't use the Firefox proxy settings, meaning it leaks. And even if it did use the Firefox proxy settings, it just wouldn't work because Tor doesn't route UDP traffic. -- Mike Cardwell https://grepular.com https://emailprivacytester.com OpenPGP Key 35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F XMPP OTR Key 8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4
signature.asc
Description: Digital signature
_______________________________________________ dnssec-validator-users mailing list [email protected] https://lists.nic.cz/cgi-bin/mailman/listinfo/dnssec-validator-users
