Opened 3 years ago

Last modified 2 years ago

#20555 new defect

Stream isolation for DNS

Reported by: adrelanos Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Normal Keywords: dns tor-client stream-isolation needs-design
Cc: whonix-devel@… Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Seems like Tor's DNS cache (CacheIPv4DNS, CacheIPv6DNS) and caching of hidden service descriptors is cached globally.

The first connection in stream one resolves all DNS or hidden service descriptors. But follow up connections in separate streams to the same website do not resolve and use Tor's cache.

So webservers could provide a slightly unique version of their website per visitor. Each visitors browser could be instructed to load additional content from varying hostnames. Due to caching vs non-caching it might be possible to make visitors pseudonymous rather than anonymous.

The problem is that Tor's cache is global and not stream isolated.

Child Tickets

Change History (5)

comment:1 Changed 3 years ago by dgoulet

Keywords: dns added
Milestone: Tor: 0.2.???
Summary: stream isolation for DNS and hidden service descriptor cacheStream isolation for DNS

For HS cache isolation, we have #15938 so renaming this ticket to only mention DNS stream isolation which I couldn't find a ticket about it but kind of vaguely remembering one so if anyone finds it, duplicate this one. Multiple tickets exists about "stream isolation" like #15458 an #19859. Maybe we should make a parent ticket with all the childs if anyone is up for that? :) Thanks adrelanos for this!

comment:2 Changed 3 years ago by teor

Milestone: Tor: 0.2.???Tor: 0.3.???

Milestone renamed

comment:3 Changed 3 years ago by nickm

Keywords: tor-03-unspecified-201612 added
Milestone: Tor: 0.3.???Tor: unspecified

Finally admitting that 0.3.??? was a euphemism for Tor: unspecified all along.

comment:4 Changed 2 years ago by nickm

Keywords: tor-03-unspecified-201612 removed

Remove an old triaging keyword.

comment:5 Changed 2 years ago by nickm

Keywords: tor-client stream-isolation needs-design added
Note: See TracTickets for help on using tickets.