Jeremy Rand

How would one identify Ricochet traffic? Are you talking about traffic analysis in the general case? If so, that's a quite hard problem to solve, and may be impossible depending...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 John Brooks: > Only HTTP is permitted, no HTTPS. We do not want to require a TLS > implementation, and .onion makes it unnecessary....

> Could you please write a test for this, covering different kinds of addresses? Are you looking for tests that make sure it doesn't leak outside of the proxy, or...

Do any of the existing tests actually check for leaks outside of the proxy? If so, could you point me to the relevant lines? If not, how do you prefer...

There's a workaround at http://fitblip.pub/2012/11/13/proxying-dns-with-python/ . It seems it just skips the DNS lookup, under the assumption that the SOCKS proxy can handle the DNS lookup itself. Maybe that would...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Omer Katz: > @JeremyRand That trick fails with: [snip] when using > requests/urllib3 at least. What value do you have set for the `rdns`...

The misbehaving code was introduced by https://github.com/namecoin/ncdns/commit/3f88db348feb917db3539ff91cf7f4021313dbe1 . @hlandau Do you happen to recall why the special-casing of `0` was added by that commit?

Ah, I see. The LRU cache implementation has the following comment: ~~~ // MaxEntries is the maximum number of cache entries before // an item is evicted. Zero means no...

IIRC @hlandau diagnosed this as a DNSSEC bug in madns, which is fixed now. So the fix should get pulled into the next ncdns release (assuming that no other issues...

@redblade7 Can you try with the latest released binaries and let us know if it's fixed?