On 12.09.17 22:43, Igor Mitrofanov wrote:
> Every Tor relay can have a simple resolver built-in, and/or perhaps all Tor relays could be running a DHT-style global DNS cache.
"Simple resolver" won't do, IMO. It must be robust and fully DNSSEC capable, which means reinventing the wheel. There is enough good DNS resolver software available. Why invest time and effort in writing yet another resolver, when the developer resources can be spent on Tor's core functionality instead? I don't like the idea of feature creep.
> I am basically not sure if DNS is a high-priority vulnerability right now, or just a distraction.
That's what I am asking myself as well.
-Ralph