diff options
Diffstat (limited to 'changes/ticket19769')
| -rw-r--r-- | changes/ticket19769 | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/changes/ticket19769 b/changes/ticket19769 new file mode 100644 index 0000000000..9fc05c3e9e --- /dev/null +++ b/changes/ticket19769 @@ -0,0 +1,7 @@ + o Major features (security): + - Change the algorithm used to decide DNS TTLs on client and server side, + to better resist DNS-based correlation attacks like the DefecTor attack + of Greschbach, Pulls, Roberts, Winter, and Feamster). Now + relays only return one of two possible DNS TTL values, and clients + are willing to believe DNS TTL values up to 3 hours long. + Closes ticket 19769. |