[Freedombox-discuss] DNS std for Freedomboxes? [was Re: Establishing Communication between Freedomboxes]

Tony Godshall togo at of.net
Tue Jul 19 18:53:36 UTC 2011


On Tue, Jul 19, 2011 at 11:21 AM,  <bertagaz at ptitcanardnoir.org> wrote:
> On Tue, Jul 19, 2011 at 11:08:50AM -0700, Tony Godshall wrote:
>> >>> Is Tor centralized this way?
>> >
>> >> The Tor directory authorities are centralized, but the effect of
>> >> compromising a DNS root server is probably worse than compromising a
>> >> Tor directory authority.
>> >
>> > Right. Since Directory Protocol v2, statements made by a Directory
>> > authority are believed by a Tor client "iff they were attested to by
>> > more than half of the authorities", so an adversary needs to
>> > compromise more than half of the Tor Directory authorities to be able
>> > to lie effectively to Tor clients.
>> >
>> > See dir-spec-v2.txt in the torspec Git repository¹ for details.
>> > The "0.1. History" section of the (WIP) dir-spec.txt is a nice
>> > introduction to how such matters are dealt with by Tor.
>> >
>> >  1. git://git.torproject.org/torspec.git
>> >
>> > Bye,
>>
>>
>> Thanks
>>
>> Is there any reason why Tor-based DNS should not be the default for
>> the freedombox?
>
> DNS torification (using the DNSPort Tor option) actually only supports A
> requests, meaning if the FreedomBox is set up to be a mail server, it can't
> work properly (at least MX DNS requests can't be resolved that way). But
> there are ways to configure a system so that it can use Tor for the A
> queries, and plain DNS for the rest.

Thank you for pointing that out.

Any downside to letting your adversary know what domains you are
emailing to?  Well, the mice probably don't want the octopus to know that
they are emailing via @octopusnotsogreat.org?  But then again SMTP
itself is not encrypted either...


> Maybe that should be an option chosen by the user?

Too many options chosen by the user and we end up with "a Linux Box"
rather than "an appliance".  A freedombox should be operational with
minimal configuration- it should have rational functional
secure-as-practical defaults.  And of course a user with expertise can
tweak them but it should not be demanded that newbies choose too much.

Tony



>> The arguments in favor would seem to be that it
>>
>> - is well tested
>>
>> - bypasses DNS manipulation by an ISP or adversary capable of
>> compromising less than half of Tor
>>
>> - makes DNS lookups encrypted
>>
>> It does not, however, keep an adversary from logging connections by
>> actual IP address (except for those that go through the high-latency
>> Tor hidden service mechanism of course)
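
The split mentioned in the thread (A queries through Tor's DNSPort, everything else over plain DNS) comes down to reading the QTYPE of each query and choosing an upstream. The sketch below is an added example, not code from the thread or from the FreedomBox or Tor projects; the listener address 127.0.0.1:5353, the placeholder resolver 192.0.2.53 and all function names are assumptions.

```python
import struct

# Assumed addresses, not from the thread: a local Tor DNSPort listener and a
# plain resolver (documentation-range address used as a placeholder).
TOR_DNSPORT = ("127.0.0.1", 5353)
PLAIN_RESOLVER = ("192.0.2.53", 53)
QTYPE_A, QTYPE_MX = 1, 15


def build_query(name: str, qtype: int, txid: int = 0x1234) -> bytes:
    """Build a minimal one-question DNS query (constructed sample input)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, QDCOUNT=1
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS = IN


def question_type(packet: bytes) -> int:
    """Return the QTYPE of the single question; ValueError if malformed."""
    if len(packet) < 12:
        raise ValueError("short DNS header")
    if struct.unpack("!H", packet[4:6])[0] != 1:
        raise ValueError("expected exactly one question")
    pos = 12
    while True:  # walk the length-prefixed labels of QNAME
        if pos >= len(packet):
            raise ValueError("truncated QNAME")
        length = packet[pos]
        if length == 0:
            pos += 1
            break
        if length & 0xC0:  # pointers and reserved label types are rejected
            raise ValueError("unexpected label type in query name")
        pos += 1 + length
    if pos + 4 > len(packet):
        raise ValueError("truncated question")
    return struct.unpack("!H", packet[pos:pos + 2])[0]


def pick_upstream(packet: bytes):
    """A queries go to the Tor DNSPort; every other type goes to plain DNS."""
    return TOR_DNSPORT if question_type(packet) == QTYPE_A else PLAIN_RESOLVER
```

Every query that takes the plain-DNS branch, MX lookups included, stays visible to the local network and the resolver, which is the exposure the reply above asks about.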
