On 15 Jul 2015, at 8:42 pm, Edward Lewis
<edward(_dot_)lewis(_at_)icann(_dot_)org> wrote:
> 4. Caching DNS Servers and
> 5. Authoritative DNS Servers
>
> I really believe that for DNS elements, there should be no change. By
> intent, the onion names are not to be presented to the DNS by what's in
> category 2 and 3 (Applications and Name Resolution APIs respectively). I
> see placing any requirement on DNS elements - and by that I mean the
> software used to implement the DNS standard - as a bad idea, under the
> heading of "permanent fix to a temporary situation." (I.e., Tor may not
> be permanent; if it is, as software matures onion names will not be in DNS
> queries.)
I do think the privacy leakage issues from .onion names being treated
as normal DNS queries are a significant issue, and likely to be one that will
increase, not decrease, with broader Tor adoption and understanding.

I agree that as software matures .onion names will not be in DNS
queries - and I believe that specifying that behaviour in the RFC is an
entirely appropriate way to accelerate that. Software adoption does not arrive
at a mature state spontaneously; the first step to adoption is specifying what
the correct behaviour should be. Unless a specific strong argument can be made
that appropriate dealing with .onion names should only be in client libraries
but not in DNS resolution libraries, changing resolution for .onion appears to
be a useful way to mitigate a known problem.

David
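The reply above argues two things: that .onion names reaching the DNS are a privacy leak, and that resolution libraries should refuse to send them rather than leaving the job to every application. The following is an added example, not code from the thread or from any Tor or DNS project, showing both sides of that argument: a small resolver-side guard that treats any name under .onion as a lookup failure without ever sending a query, and a check that scans query-log lines for .onion lookups that did leak. The log lines are constructed for the example, and the BIND-style `client ... query:` line format is an assumption; the guard's behaviour (fail locally, never forward) is the behaviour the reply advocates, not a quotation from any RFC text.

```python
"""Added example (not from the thread): a resolver-side guard for .onion names
and a leak check over constructed DNS query-log lines."""
import re
from typing import Callable, List, Optional, Tuple

ONION_TLD = "onion"


class OnionNameError(LookupError):
    """Raised instead of sending a .onion name to the DNS; callers see it as a
    negative answer, equivalent to NXDOMAIN, without any packet leaving the host."""


def normalize(name: str) -> str:
    # Lower-case and drop a single trailing dot so "Foo.ONION." and "foo.onion" compare equal.
    return name.rstrip(".").lower()


def is_onion(name: str) -> bool:
    """True when the right-most label is 'onion' (case- and trailing-dot-insensitive).
    'onion.example.com' is NOT an onion name; only the TLD position counts."""
    labels = normalize(name).split(".")
    return labels[-1] == ONION_TLD


def resolve(name: str, upstream: Callable[[str], Optional[str]]) -> Optional[str]:
    """Resolve `name` via `upstream` (any callable that performs the real DNS lookup),
    except that names under .onion are rejected locally and never reach `upstream`."""
    if is_onion(name):
        raise OnionNameError(f"{name}: .onion names are not resolved through the DNS")
    return upstream(normalize(name))


# Constructed sample query-log lines; the BIND-style format is an assumption for the example.
SAMPLE_LOG = """\
15-Jul-2015 20:42:01.123 client 192.0.2.10#53211: query: www.example.com IN A + (192.0.2.1)
15-Jul-2015 20:42:02.456 client 192.0.2.11#40012: query: abcdefghijklmnop.onion IN A + (192.0.2.1)
15-Jul-2015 20:42:03.789 client 192.0.2.12#50123: query: mail.example.net IN MX + (192.0.2.1)
15-Jul-2015 20:42:04.001 client 192.0.2.11#40013: query: ABCDEFGHIJKLMNOP.ONION. IN AAAA + (192.0.2.1)
"""

QUERY_RE = re.compile(r"client (?P<client>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)")


def leaked_onion_queries(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (client, qname, qtype) for every logged query whose name is under .onion.
    Each hit is a client whose application or stub resolver let an onion name out."""
    leaks = []
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m and is_onion(m.group("qname")):
            leaks.append((m.group("client"), normalize(m.group("qname")), m.group("qtype")))
    return leaks


if __name__ == "__main__":
    for client, qname, qtype in leaked_onion_queries(SAMPLE_LOG):
        print(f"leaked .onion query from {client}: {qname} {qtype}")
    try:
        resolve("abcdefghijklmnop.onion", lambda n: "192.0.2.1")
    except OnionNameError as e:
        print("guard:", e)
```

Putting the check in `resolve` rather than in each application is the point of the reply: once a resolution library refuses .onion locally, every caller gets the privacy-preserving behaviour for free, and the log check then serves to find hosts still running older software that leaks.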