Differences

This shows you the differences between two versions of the page.

users:toxdns [2017/07/13 02:09]
nurupo Please don't leave comments in the middle of an article, either join irc or mailing list to discuss things if you have questions or edit the article appropriately if you don't
users:toxdns [2018/03/15 19:00]
nurupo ToxDNS has been fully phased out: almost no client supports it and toxcore 0.2.0 has dropped libtoxdns
Line 1: Line 1:
 ===== ToxDNS ===== ===== ToxDNS =====
  
-ToxDNS is a tox ID-to-name mapping service. It allows users to shorten their regular, somewhat long, Tox IDs, with short and readable IDs, that closely resemble the format of an email address. An example of a ToxDNS service in use is **groupbot@utox.org**, Which when added, resolves to the full ID (''**56A1ADE4B65B86BCD51CC73E2CD4E542179F47959FE3E0E21B4B0ACDADE51855D34D34D37CB5**'').+ToxDNS is a tox ID-to-name mapping service. It allows users to shorten their regular, somewhat long, Tox IDs, with short and readable IDs, that closely resemble the format of an email address. An example of a ToxDNS service in use is **groupbot@example.org**, Which when added, resolves to the full ID (''**56A1ADE4B65B86BCD51CC73E2CD4E542179F47959FE3E0E21B4B0ACDADE51855D34D34D37CB5**'').
  
 ToxDNS servers are [[https://en.wikipedia.org/wiki/Federation_%28information_technology%29| federated]], they are each run by their individual operators and their databases are stored online. This can, but doesn't necessarily, compromise your privacy, but really it's simple to minimize the risk so that it's nearly nonexistent. ToxDNS servers are [[https://en.wikipedia.org/wiki/Federation_%28information_technology%29| federated]], they are each run by their individual operators and their databases are stored online. This can, but doesn't necessarily, compromise your privacy, but really it's simple to minimize the risk so that it's nearly nonexistent.
  
-[There are more risks than are mentioned below and several are of the kind which the user can not influencemuch less so without in-depth understanding of the implications]+**ToxDNS is considerate to be deprecated. It's advised against using it as versions 1 and 2 of ToxDNS are insecureand barely any client supports version 3.** 
 + 
 +It's also planned that libtoxdns would be removed from TokTok's toxcore repository in one of the following major/minor version ticks.
  
 ==== What you might want to know about ToxDNS ==== ==== What you might want to know about ToxDNS ====
  
 Some people have some concerns about how ToxDNS services could be used maliciously, mismanaged, or exploited as a single point of failure in order to deny a person the ability to look up the ID they want. Hopefully I can address those concerns here. Some people have some concerns about how ToxDNS services could be used maliciously, mismanaged, or exploited as a single point of failure in order to deny a person the ability to look up the ID they want. Hopefully I can address those concerns here.
- 
-[MITM by hijacking on the network level at a name/id lookup is not mentioned -- this is less of an issue for 3rd version of toxdns, where both the requests and responses are encrypted, and toxdns service provider's public key is either distributed with the client distribution or, this is where the issue comes from, looked up once and cached forever. 
- 
-impersonation by preregistering a rogue id is not mentioned -- you mean someone registering id for the name "aklyn" before you get to register it? sounds like this issue is out of the scope. if an "aklyn" is already registered by someone, try registering "aklyn2" and telling others to use that. you have the same issue with domain names, twitter usernames, etc. 
- 
-impersonation by guessing a password is referred to as MITM which is hardly fair -- guessing the password is not the only way, the server itself my be compromised, the service administrator might compromise your account, etc. the idea is that someone changes the id stored in your account to the one that you not intended, thus making the account compromised. 
- 
-a malicious or compromised server which at will redirects certain lookups to rogue ids is not mentioned -- this is part of the above. perhaps the point above is too broad and needs to be split in smaller pieces? 
- 
-anyway, please join our IRC channel or mailing list if you want to discuss things, instead of leaving comments arguing with the wiki article in the middle of the said wiki article.] 
  
 **Impersonating a user(MITM) by switching the Tox ID associated with the username:** If someone compromised your account on a ToxDNS Service or a server hosting ToxDNS records, they might be able to replace the Tox ID associated with the username. New users looking up a Tox ID using the compromised username would be directed to the wrong Tox ID. To minimize the chance of such a thing occurring, use a long, unique, random password for your ToxDNS account, and set the ID to be unchangable if the server supports it. This will not connect you with your intended friend and it does not give anyone access to your private key or any current or previous chat sessions keys. **Impersonating a user(MITM) by switching the Tox ID associated with the username:** If someone compromised your account on a ToxDNS Service or a server hosting ToxDNS records, they might be able to replace the Tox ID associated with the username. New users looking up a Tox ID using the compromised username would be directed to the wrong Tox ID. To minimize the chance of such a thing occurring, use a long, unique, random password for your ToxDNS account, and set the ID to be unchangable if the server supports it. This will not connect you with your intended friend and it does not give anyone access to your private key or any current or previous chat sessions keys.
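
Review bot: The added sentence "It's also planned that libtoxdns would be removed from TokTok's toxcore repository in one of the following major/minor version ticks" is already out of date against this revision's own summary, which says toxcore 0.2.0 has dropped libtoxdns; state the removal as done and name the version. In the same added notice, "considerate" should be "considered". The unchanged intro still says the risk can be minimized "so that it's nearly nonexistent", which conflicts with the new statement that versions 1 and 2 of ToxDNS are insecure, so that sentence should be reworded or dropped. The deleted bracketed comments also raised a network-level MITM at lookup time and noted that version 3 encrypts requests and responses; neither point appears in the remaining risk list, so consider folding them into the article body instead of only deleting them.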
Line 29: Line 21:
 It should be noted that none of these area actually problems with ToxDNS itself. The first two are malicious activities that could be undertaken on a server, the third is just somebody taking a site down or blocking access to a site. It should be noted that none of these area actually problems with ToxDNS itself. The first two are malicious activities that could be undertaken on a server, the third is just somebody taking a site down or blocking access to a site.
  
-[The actual issue is the fundamental problem of using a service which is insecure by design, to initiate a more secure one - the final security is the one of the weakest part in the chain -- yes, this is correct]+
 ===== ToxDNS Services ===== ===== ToxDNS Services =====
 As of yet, there is no official ToxDNS service. All services listed here are run by volunteers, use at your own risk.  As of yet, there is no official ToxDNS service. All services listed here are run by volunteers, use at your own risk. 
- 
-|                                         ^ Owner                  ^ Description                                                                    ^ 
-^ [[http://register.utox.org/|uTox.org]]  | notsecure, irungentoo  | Simple and reliable ToxDNS for uTox fans                                     | 
-                                                              | 
  
 ===== Run your own ===== ===== Run your own =====
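
Review bot: With the service table deleted, the "ToxDNS Services" section is left with "All services listed here are run by volunteers, use at your own risk." and nothing listed; replace that sentence with a statement that no services are listed because ToxDNS is deprecated, or remove the section. The context line "none of these area actually problems with ToxDNS itself" also contradicts the deprecation notice added earlier in this change, which calls versions 1 and 2 insecure, and it has the typo "area" for "are". The "Run your own" heading is kept unchanged and should carry the same deprecation warning.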