|
|
@@ -12,6 +12,13 @@ Changes in version 0.2.1.7-alpha - 2008-11-xx
|
|
|
Suggested by Lucky Green.
|
|
|
- Preserve case in replies to DNSPort requests in order to support
|
|
|
the 0x20 hack for resisting DNS poisoning attacks.
|
|
|
+ - Implement the 0x20 hack to better resist DNS poisoning: set the
|
|
|
+ case on outgoing DNS requests randomly, and reject responses
|
|
|
+ that do not match the case correctly. This logic can be
|
|
|
+ disabled with the ServerDNSRamdomizeCase setting, if you are
|
|
|
+ using one of the 0.3% of servers that do not reliably preserve
|
|
|
+ case in replies. See "Increased DNS Forgery Resistance through
|
|
|
+ 0x20-Bit Encoding" for more info.
|
|
|
|
|
|
o Hidden service performance improvements:
|
|
|
- When the client launches an introduction circuit, retry with a
|
Nick Mathewson