Also what I haven't seen explored but is actually a logical extension
of using socks to make ordinary browsers talk to .onion sites is
extending the local recursive server to do the TOR lookup rather
than a traditional DNS lookup and return the results in a DNS
message. With dprive this should end up being secure.

If there will ever be a requirement to support this then doing an
insecure delegation to a set of public .onion servers would be the
way to go. The logical set of servers is the root-servers to avoid
additional leakage.

There are a number of places where a .onion name can be intercepted
and the alternative lookup method introduced: application, getaddrinfo,
recursive server, special purpose authoritative server.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka(_at_)isc(_dot_)org
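
An added example, not part of the original message: a sketch of the recursive-server interception point listed above, where the query name is parsed from the wire-format question and any name under .onion is handed to an alternative lookup instead of being forwarded to the DNS. The names `handle`, `forward` and `alt_lookup` are hypothetical, and the sample queries are constructed.

```python
import struct

ONION = b"onion"  # TLD whose names should be resolved outside the DNS

def build_query(name, qtype=1, qid=0x1234):
    """Build a minimal wire-format query (used for constructed sample input)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, QDCOUNT=1
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".") if l]
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def parse_qname(msg):
    """Return the labels of the first question, validating lengths."""
    if len(msg) < 12 or struct.unpack("!H", msg[4:6])[0] != 1:
        raise ValueError("need exactly one question")
    labels, off = [], 12
    while True:
        if off >= len(msg):
            raise ValueError("truncated QNAME")
        n = msg[off]
        off += 1
        if n == 0:
            return labels
        if n > 63 or off + n > len(msg):
            raise ValueError("bad label (pointer, oversize or truncated)")
        labels.append(msg[off:off + n])
        off += n

def is_onion(labels):
    """True only when the rightmost label is 'onion' (DNS names are case-insensitive)."""
    return bool(labels) and labels[-1].lower() == ONION

def handle(msg, forward, alt_lookup):
    """Recursive-server interception point: .onion never reaches `forward`."""
    labels = parse_qname(msg)
    if is_onion(labels):
        return alt_lookup(b".".join(labels).lower())
    return forward(msg)

if __name__ == "__main__":
    sent = []  # records what would have left for the DNS
    fwd = lambda m: sent.append(m) or "dns"
    alt = lambda name: "alt:" + name.decode()
    for q in ("www.example.com", "Example.ONION.", "onion.example.net"):  # constructed
        print(q, "->", handle(build_query(q), fwd, alt))
    print("queries that left for the DNS:", len(sent))
```

The match is on the rightmost label only, so a name such as onion.example.net still goes to the DNS, and a malformed question is rejected rather than forwarded.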