Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Verify the projects map.yml file #26

Open
tnias opened this issue Jul 8, 2018 · 1 comment
Open

Verify the projects map.yml file #26

tnias opened this issue Jul 8, 2018 · 1 comment

Comments

@tnias
Copy link

tnias commented Jul 8, 2018

I did not find a policy on how to get a domain added or removed from the project's map.yml file. It seems like a nice possibility for MitM attacks.

I propose to require prove of ownership by the non-onion domain owner. This can be done simply by requiring the presents of a SRV record pointing to the provided onion domain.

In #25 I created a simple script to check for the SRV records. This or something similar could be used for regular checking of currently present records and those to be added.
@taggart
Copy link

taggart commented Nov 12, 2022

Agreed this is a problem, and maybe a good reason to not keep the map at all but move to using SRV only.
If the map is kept, verifying the SRV record (maybe with DNSSEC too?) seems like a good idea.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@taggart @tnias