SQRL is using DNS to perform update checks?


Status
Not open for further replies.

Joao

Member
Jun 5, 2019
8
2
Did I hear correctly on the podcast that SQRL is using the DNS infrastructure itself to check in a light weigh matter if there are new versions?

Wouldn't be a good idea to have GRC web server to use DNSSEC? To prevent third party's from spoofing the results.
 

Vela Nanashi

Well-known member
May 19, 2018
720
124
That definitely sounds like a good idea yeah :)

Though I am not sure how complicated it is to dynamically update dns entries while still keeping them properly signed :)
 

PHolder

Well-known member
May 19, 2018
1,223
204
To prevent third party's from spoofing the results.
To what end? The worst case is you could make the client believe there is a new version, then they would attempt to go get it and find none available. This would be annoying and nothing worse. I suppose if there were a known issue, then a man in the middle could somehow prevent you from finding out about the update... but if you have a man in the middle... they could just as easily block ANY DNS activity heading to grc.com and achieve the exact same result.

Also, the apps in the system should not being managing DNS... that is the job of the OS. If the OS supports DNSSEC then so should any app running on it.
 

Steve

Administrator
Staff member
May 6, 2018
1,016
307
www.grc.com
@PHolder : And an additional complication is that this would require on-the-fly DNSSEC signing, since these GRC records are not static. Eventually, I'll enjoy mucking around with DNSSEC, but, as you suggest, it's far from the top of my list. :)
 
Status
Not open for further replies.