Ring leaks the RingID of contacts when the DHT is not bootstrapped
Issue generated from Tuleap's migration script. Originally submitted by: Baptiste Jonglez (baptiste)
When the DHT is not yet bootstrapped (for instance if all outgoing UDP trafic is blocked by a firewall), trying to call a RingID causes Ring to perform DNS queries for the following names:
SRV \_sip.\_udp.00000000000000000000000000000000000000.
A 00000000000000000000000000000000000000.
where 000...00 is the RingID of the contact (omitted here for privacy reasons). By the way, these queries obviously fail.
This is a privacy concern, since the operator of the DNS resolver, and any attacker able to listen to the traffic, can learn which RingID has been contacted.