On Tue, Dec 18, 2012 at 6:42 PM, Roger Dingledine wrote:
> On Thu, Nov 29, 2012 at 06:14:23PM +, Julian Yon wrote:
>> (3) Don't bother trying to ascertain the full exit policy, but rather
>> maintain a simple table of exit/IP/port combinations that have been
>> rejected and consult it when bui
On Tue, Dec 18, 2012 at 7:34 PM, Mike Perry wrote:
> Thus spake Nick Mathewson (ni...@freehaven.net):
>
>> [tl;dr: We should make client-side DNS cacheing off by default.]
>>
>> On Fri, Jul 20, 2012 at 6:27 PM, Nick Mathewson wrote:
>> > Filename: 205-local-dnscache.txt
>> > Title: Remove global
Thus spake Nick Mathewson (ni...@freehaven.net):
> [tl;dr: We should make client-side DNS cacheing off by default.]
>
> On Fri, Jul 20, 2012 at 6:27 PM, Nick Mathewson wrote:
> > Filename: 205-local-dnscache.txt
> > Title: Remove global client-side DNS caching
> > Author: Nick Mathewson
>
> For
On Thu, Nov 29, 2012 at 06:14:23PM +, Julian Yon wrote:
> (3) Don't bother trying to ascertain the full exit policy, but rather
> maintain a simple table of exit/IP/port combinations that have been
> rejected and consult it when building/using circuits. This requires no
> protocol changes (win!
On Tue, 27 Nov 2012 20:53:03 -0500
Nick Mathewson wrote:
> On Tue, Nov 27, 2012 at 10:08 AM, Julian Yon
> wrote:
> >
> > So, perhaps have a cache but only consult it for making decisions
> > about whether to use a circuit, not for resolving client requests?
> > Although this is still vulnerable
On Tue, Nov 27, 2012 at 8:42 PM, Nick Mathewson wrote:
> On Tue, Nov 27, 2012 at 12:49 AM, Roger Dingledine wrote:
[...]
>> While I was looking at this design, I thought of a cool attack on
>> 0.2.3 users:
This is now Ticket #7582 on trac.
yrs,
--
Nick
On Tue, Nov 27, 2012 at 10:08 AM, Julian Yon wrote:
> On Tue, 27 Nov 2012 00:49:28 -0500
> Roger Dingledine wrote:
>
>> (Also, if we have no client-side dns cache, further streams requesting
>> the same address, e.g. fetching pictures from the website, might try
>> the same circuit even if we cou
On Tue, Nov 27, 2012 at 12:49 AM, Roger Dingledine wrote:
> On Sun, Nov 25, 2012 at 07:54:51PM -0500, Nick Mathewson wrote:
>> [tl;dr: We should make client-side DNS cacheing off by default.]
>
> Be careful -- we seem to rely on the client-side dns cache to let us
> move on to a new circuit if the
On Tue, 27 Nov 2012 00:49:28 -0500
Roger Dingledine wrote:
> (Also, if we have no client-side dns cache, further streams requesting
> the same address, e.g. fetching pictures from the website, might try
> the same circuit even if we could know that its exit policy would
> refuse the stream.)
So,
On Sun, Nov 25, 2012 at 07:54:51PM -0500, Nick Mathewson wrote:
> [tl;dr: We should make client-side DNS cacheing off by default.]
Be careful -- we seem to rely on the client-side dns cache to let us
move on to a new circuit if the current circuit's exit policy doesn't
like the stream.
See in con
On Sun, Nov 25, 2012 at 7:54 PM, Nick Mathewson wrote:
> [tl;dr: We should make client-side DNS cacheing off by default.]
>
Nitpickery: s/cacheing/caching/g
> Applications that care about speed should be doing a one-round-trip
> connect mechanism: either a SOCKS request with a hostname in it,
[tl;dr: We should make client-side DNS cacheing off by default.]
On Fri, Jul 20, 2012 at 6:27 PM, Nick Mathewson wrote:
> Filename: 205-local-dnscache.txt
> Title: Remove global client-side DNS caching
> Author: Nick Mathewson
> Created: 20 July 2012
> Status: Open
[...]
For the original propos
Filename: 205-local-dnscache.txt
Title: Remove global client-side DNS caching
Author: Nick Mathewson
Created: 20 July 2012
Status: Open
0. Overview
This proposal suggests that, for reasons of security, we move
client-side DNS caching from a global cache to a set of per-circuit
caches.
13 matches