On Tue, Jan 31, 2012 at 10:04:21AM -0500, Nick Mathewson wrote:
On Mon, Jan 30, 2012 at 1:34 AM, Roger Dingledine arma@mit.edu wrote:
So it looks like Tor would get two new libraries linked in, and exit relays would inherit whatever security/stability issues libunbound has since clients can basically hand them packets that they have to parse and deal with.
FWIW, I'm okay thinking about adding new library dependencies so long as the libraries are portable enough; libunbound and ldns have a reasonably good reputation. (And our friends at NLnet labs probably wouldn't mind another bunch of users.)
I believe that as we add dnssec support, we are going to cross the threshold of stuff we'd be willing to clone ourselves, since writing our own dnssec code would be absurd.
I totally agree that writing our own dnssec code would be absurd.
But I'm confused here about why we're adding dns support to Tor itself. Are we doing it to be able to proxy more requests from applications to dns servers? Or are we doing it because the Tor client itself wants to be able to learn the answers to dnssec questions?
If it's the former, then we should try as much as we can to *not* learn the details of the protocol. After all, Tor doesn't have an ssh protocol parser or validator, but it can proxy ssh traffic just fine.
--Roger