[tor-bugs] #24050 [Core Tor/Tor]: We still do client-side caching. We just don't use the cache.

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Nov 4 16:10:29 UTC 2017


#24050: We still do client-side caching. We just don't use the cache.
----------------------------------------+----------------------------------
 Reporter:  arma                        |          Owner:  (none)
     Type:  defect                      |         Status:  new
 Priority:  Medium                      |      Milestone:  Tor:
                                        |  0.3.3.x-final
Component:  Core Tor/Tor                |        Version:
 Severity:  Normal                      |     Resolution:
 Keywords:  032-backport, ???-backport  |  Actual Points:
Parent ID:                              |         Points:
 Reviewer:                              |        Sponsor:
----------------------------------------+----------------------------------

Comment (by nickm):

 One big problem with client-side DNS caching in Tor is that if the exit on
 the first circuit lies about the IP address, the exit on the second
 circuit will be told about the false IP address too.  In this way, one bad
 exit can set up a "sticky" MITM that will persist even on a new circuit if
 the user is using the same DNS cache.  Similarly, IPv6 addresses can
 trivially be used to set up unique client identifiers that will last for
 as long as the DNS cache lasts.

 How bad is this attack?  Consider:

 1. The more we reuse DNS caches across multiple circuits, the worse this
 attack gets... but on the other hand, the DNS cache is only beneficial to
 the extent that we can reuse it.

 2. These attacks seem especially bad when performed against uncommon
 sites... but common sites are likely to be in the exit-side DNS cache,
 making client-side caching unnecessary.

 So it seems to me that client-side DNS caching is risky to the extent that
 it is useful, and vice versa. :)

 One more consideration: client-side DNS caching can also lower performance
 for big sites that use CDNs to match exits with nearby servers.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24050#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
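As an added illustration of the two risks nickm describes (this is not Tor's code, and the `Exit` and `Client` classes, the hostname, and the addresses below are all constructed for the model), here is a small Python simulation of a client that caches the address an exit reports for a hostname and then reuses it on later circuits. One exit lies; the rest are honest. The model also counts how many lookups the honest exits were spared, to show that the cache's benefit and its exposure are the same reuse.

```python
"""Model of the "sticky MITM" and IPv6-identifier problems with a
client-side DNS cache in a Tor-like client.  Added example, not Tor code;
all names and addresses are constructed."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed sample data: what an honest exit learns from real DNS.
HONEST_DNS = {"example.org": ("203.0.113.10", "2001:db8:cafe::10")}
ATTACKER_IPV4 = "198.51.100.66"        # constructed attacker-controlled host


@dataclass
class Exit:
    """An exit relay.  A malicious one lies in the address it reports."""
    name: str
    malicious: bool = False
    answers_given: int = 0             # how many names this exit resolved

    def resolve(self, hostname: str) -> Tuple[str, str]:
        self.answers_given += 1
        if self.malicious:
            # False IPv4 record pointing at the attacker, plus an IPv6
            # record unique to this answer: a tracking cookie if cached.
            return ATTACKER_IPV4, f"2001:db8:bad::{self.answers_given:x}"
        return HONEST_DNS[hostname]

    def connect(self, address: str) -> str:
        """A stream opened to a literal address ends up at that address."""
        return address


@dataclass
class Client:
    cache_answers: bool                # the behaviour the ticket discusses
    prefer_ipv6: bool = False
    dns_cache: Dict[str, Tuple[str, str]] = field(default_factory=dict)

    def fetch(self, hostname: str, exit_relay: Exit) -> Tuple[str, str]:
        """One stream on a fresh circuit ending at exit_relay.

        Returns (what the client asked the exit for, where the stream went).
        On a cache hit the client hands the exit a literal address, so the
        exit never resolves the name itself and cannot correct a bad answer.
        """
        if hostname in self.dns_cache:
            literal = self.dns_cache[hostname][1 if self.prefer_ipv6 else 0]
            return literal, exit_relay.connect(literal)
        ipv4, ipv6 = exit_relay.resolve(hostname)
        if self.cache_answers:
            self.dns_cache[hostname] = (ipv4, ipv6)
        return hostname, exit_relay.connect(ipv6 if self.prefer_ipv6 else ipv4)


def sticky_mitm(cache_answers: bool) -> Tuple[List[str], int]:
    """Circuit 1 exits at a malicious relay, circuits 2-4 at honest ones.

    Returns the destination of each stream to example.org and the number
    of lookups the honest exits performed (the cache's only benefit).
    """
    client = Client(cache_answers=cache_answers)
    exits = [Exit("evil", malicious=True)] + [Exit(f"honest-{i}") for i in range(1, 4)]
    destinations = [client.fetch("example.org", e)[1] for e in exits]
    honest_lookups = sum(e.answers_given for e in exits if not e.malicious)
    return destinations, honest_lookups


def tracking_identifiers(cache_answers: bool) -> List[str]:
    """Two clients each meet the malicious exit once, then both use the same
    honest exit.  Returns what that honest exit sees each client ask for:
    with caching, a per-client IPv6 literal that tells the two apart."""
    evil, honest = Exit("evil", malicious=True), Exit("honest")
    seen = []
    for _ in range(2):
        client = Client(cache_answers=cache_answers, prefer_ipv6=True)
        client.fetch("example.org", evil)          # poisoned once
        seen.append(client.fetch("example.org", honest)[0])
    return seen


if __name__ == "__main__":
    for caching in (True, False):
        print(f"cache={caching}: mitm={sticky_mitm(caching)}"
              f" ids={tracking_identifiers(caching)}")
```

With caching on, every later circuit lands on the attacker's address even though three honest exits were used, and those exits performed zero lookups: the persistence of the attack is exactly the reuse the cache exists to provide. With caching off only the first circuit is affected, and the honest exit sees two clients asking for the same hostname rather than two distinguishable IPv6 literals.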