simon-git: putty (main): Simon Tatham

Commits to Tartarus hosted VCS tartarus-commits at lists.tartarus.org
Sun Nov 3 14:30:03 GMT 2024 

TL;DR:
  47df9483 privacy.but: greater emphasis on checking host keys.
  28a5d72a privacy.but: pedantically mention DNS lookups.

Repository:     https://git.tartarus.org/simon/putty.git
On the web:     https://git.tartarus.org/?p=simon/putty.git
Branch updated: main
Committer:      Simon Tatham <anakin at pobox.com>
Date:           2024-11-03 14:30:03

commit 47df948362719f08cf14420e81b10e4ccfee580f
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=47df948362719f08cf14420e81b10e4ccfee580f;hp=33881a1445e93d5022d3ee8233a33c865b4ab8de
Author: Simon Tatham <anakin at pobox.com>
Date:   Sun Nov 3 14:12:46 2024 +0000

    privacy.but: greater emphasis on checking host keys.
    
    Re-reading the wording, I think I was a bit cavalier about "if you
    don't like the host key cache recording where you've been, check host
    keys yourself." It should be more like "check host keys yourself,
    SERIOUSLY, WE REALLY MEAN IT, DO NOT LEAVE THIS STEP OUT."

 doc/privacy.but | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

commit 28a5d72a182b606312c592fb7fbb6abf2332bbfd
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=28a5d72a182b606312c592fb7fbb6abf2332bbfd;hp=47df948362719f08cf14420e81b10e4ccfee580f
Author: Simon Tatham <anakin at pobox.com>
Date:   Sun Nov 3 14:20:39 2024 +0000

    privacy.but: pedantically mention DNS lookups.
    
    Literally speaking, it's not true that PuTTY only connects to the
    server you told it to. It typically has to connect to a DNS server
    first to find out where that server _is_. (If you've provided a
    hostname, and if that hostname isn't in /etc/hosts or equivalent.)
    
    Of course, if you're concerned about people _in your organisation's
    network_ finding out where you've been connecting to, you have bigger
    problems, because whether you did a DNS lookup or not they can
    certainly see your IP-layer headers. But that really is outside the
    scope of this document. I only mention DNS out of pedantry, because
    not doing so made "does not connect to any other site" technically
    inaccurate. (Perhaps even: only inaccurate if the DNS lookup happens
    over TCP :-)

 doc/privacy.but | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

More information about the tartarus-commits mailing list