Merge remote-tracking branch 'public/bug19769_19025_029' into maint-0.2.9

author: Nick Mathewson <nickm@torproject.org> 2017-08-01 11:30:29 -0400
committer: Nick Mathewson <nickm@torproject.org> 2017-08-01 11:30:29 -0400
commit: 58e1c6dd868704520fcbd7d8d8bdd7f8dd6f5c58 (patch)
tree: 21a45db25727048e78eed67dd92e97423d1497c0 /changes
parent: 8500f0e4e179280ebb8d6c1f3342eff21a4fdac2 (diff)
parent: 0151e1d1586b2e96dffb667cf2825e4fe993b62e (diff)
download: tor-58e1c6dd868704520fcbd7d8d8bdd7f8dd6f5c58.tar.gz
tor-58e1c6dd868704520fcbd7d8d8bdd7f8dd6f5c58.zip
2 files changed, 11 insertions, 0 deletions
diff --git a/changes/bug19025 b/changes/bug19025
new file mode 100644
index 0000000000..0f365f52ba
--- /dev/null
+++ b/changes/bug19025
@@ -0,0 +1,4 @@
+  o Major bugfixes (DNS):
+    - Fix a bug that prevented exit nodes from caching DNS records for more
+      than 60 seconds.
+      Fixes bug 19025; bugfix on 0.2.4.7-alpha.
diff --git a/changes/ticket19769 b/changes/ticket19769
new file mode 100644
index 0000000000..9fc05c3e9e
--- /dev/null
+++ b/changes/ticket19769
@@ -0,0 +1,7 @@
+  o Major features (security):
+    - Change the algorithm used to decide DNS TTLs on client and server side,
+      to better resist DNS-based correlation attacks like the DefecTor attack
+      of Greschbach, Pulls, Roberts, Winter, and Feamster).  Now
+      relays only return one of two possible DNS TTL values, and clients
+      are willing to believe DNS TTL values up to 3 hours long.
+      Closes ticket 19769.
author	Nick Mathewson <nickm@torproject.org>	2017-08-01 11:30:29 -0400
committer	Nick Mathewson <nickm@torproject.org>	2017-08-01 11:30:29 -0400
commit	58e1c6dd868704520fcbd7d8d8bdd7f8dd6f5c58 (patch)
tree	21a45db25727048e78eed67dd92e97423d1497c0 /changes
parent	8500f0e4e179280ebb8d6c1f3342eff21a4fdac2 (diff)
parent	0151e1d1586b2e96dffb667cf2825e4fe993b62e (diff)
download	tor-58e1c6dd868704520fcbd7d8d8bdd7f8dd6f5c58.tar.gz tor-58e1c6dd868704520fcbd7d8d8bdd7f8dd6f5c58.zip