missing changelog for 0x20 hack

author Nick Mathewson <nickm@torproject.org>

Mon, 3 Nov 2008 15:45:27 +0000 (15:45 +0000)

committer Nick Mathewson <nickm@torproject.org>

Mon, 3 Nov 2008 15:45:27 +0000 (15:45 +0000)
author Nick Mathewson <nickm@torproject.org>
Mon, 3 Nov 2008 15:45:27 +0000 (15:45 +0000)
committer Nick Mathewson <nickm@torproject.org>
Mon, 3 Nov 2008 15:45:27 +0000 (15:45 +0000)
diff --git a/ChangeLog b/ChangeLog

index b49a3d00db46465f63bae0a950d0e7a7bb3873f8..4e8901f42f621ba90e535f761599ee4822bc5270 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -12,6 +12,13 @@ Changes in version 0.2.1.7-alpha - 2008-11-xx
        Suggested by Lucky Green.
      - Preserve case in replies to DNSPort requests in order to support
        the 0x20 hack for resisting DNS poisoning attacks.
+    - Implement the 0x20 hack to better resist DNS poisoning: set the
+      case on outgoing DNS requests randomly, and reject responses
+      that do not match the case correctly.  This logic can be
+      disabled with the ServerDNSRamdomizeCase setting, if you are
+      using one of the 0.3% of servers that do not reliably preserve
+      case in replies.  See "Increased DNS Forgery Resistance through
+      0x20-Bit Encoding" for more info.
  
    o Hidden service performance improvements:
      - When the client launches an introduction circuit, retry with a
author	Nick Mathewson <nickm@torproject.org>
	Mon, 3 Nov 2008 15:45:27 +0000 (15:45 +0000)
committer	Nick Mathewson <nickm@torproject.org>
	Mon, 3 Nov 2008 15:45:27 +0000 (15:45 +0000)