Hello all, I am working on a research project called DNSCatcher which is designed to provide a level of validation and security to standard DNS. DNSCatcher is designed as a framework to prevent clients from being redirected to malicious records and detect potential MITM attacks. A technical writeup of the project, problem statement, and its modus operandi are available here: https://github.com/NCommander/dnscatcher/blob/master/doc/technical_overview.md.
It is my intent to design a system that can be widely adopted to help understand the health and security of the DNS ecosystem. To that end, I would like to get feedback from the Mozilla community on this proposal and help craft it into a component that can easily be deployed. As of the time of this email, the current proof-of-concept code is written in Ada. I intend to standardize the protocol and submit it to the IETF for publication. In the interests of full disclosure, I am currently seeking funding from the OTF to complete this project, although I do intend to work on it regardless of whether funding is secured or not.

For implementation as a browser extension, it appears that Mozilla only offers the browser.dns API to make lookups, and it is extremely limited. Given the constraints of the BrowserExtension API, it appears that if I wish to have full functionality for this project, I will need to deploy a client daemon on the end user system to provide an HTTP interface on 127.0.0.1. I am open to advice on better mechanisms to achieve this goal.

It is my hope that as this project develops and matures that support for this extension could eventually make its way into Mozilla’s core libraries as a native implementation. While I realize we are far from that point, I welcome any feedback or criticisms of the design of this project.

Michael

_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform