DNS
Sven Dietrich
spock at adelphi.edu
Tue Oct 1 22:21:47 UTC 2002
> Why not (I have no clue as to what socks4a does)? Would the hostname not
> get resolved at the last OR then? Isn't that what we want?
One reason to get the hostname to get resolved at the last OR is
for the benefit of CDNs (content distribution networks). The CDN
might point to the right IP when queried by the last OR, offering
the best route/ideal server from that location. Actually one
could deduce the general topological location of the source if
the hostname in a CDN is resolved at the source. Did that make
sense? Example: if the source is using tor and trying to access
www.apple.com from Washington, DC. The CDN for Apple (Akamai?)
would probably point www.apple.com to a local DC server, but if
the last hop of tor is in, say, San Francisco, then information
about the source (DC region) would be revealed.
This is probably very obvious, but I just wanted to state it.
> Yes.... That might be best, although it is certainly heavyweight.
> Interestingly enough, I have a feeling that encrypted DNS would more or
> less do (all domains have approximately the same length).
Hmm, that would still be susceptible to the attack outlined
above.
Sven
More information about the tor-dev
mailing list