[tor-talk] Tor resolver DNSSEC RRs

tor at lists.grepular.com tor at lists.grepular.com
Tue Nov 29 11:06:30 UTC 2011


Are there any plans to add support for the DNSSEC related RR types to
the DNS resolver built into Tor? Ie, DNSKEY, RRSIG, DS, NSEC and NSEC3?
If not, I think it would be a good thing to add, now the root zone and
major top level zones have been signed, browsers are starting to
experiment with using DNSSEC signed certificates.

If the SSHFP RR type is added too, people who use OpenSSH with the
VerifyHostKeyDNS option can benefit from public key verification when
SSH'ing into a box for the first time, over Tor.

Whilst I'm here, I may as well request MX and AAAA support too I guess.
MX for people who want to run mailservers from inside Tor. You could
argue against AAAA support because Tor doesn't support IPv6 yet, but I'm
just asking for it for completeness more than anything.

-- 
Mike Cardwell https://grepular.com/  https://twitter.com/mickeyc
Professional  http://cardwellit.com/ http://linkedin.com/in/mikecardwell
PGP.mit.edu   0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20111129/b81810f1/attachment.pgp>


More information about the tor-talk mailing list