Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tld-00.txt> (The .onion Special-Use Domain Name) to Proposed Standard

2015-07-20 00:51:04

On 15 Jul 2015, at 8:42 pm, Edward Lewis <edward(_dot_)lewis(_at_)icann(_dot_)org> wrote:
4. Caching DNS Servers and
5. Authoritative DNS Servers

I really believe that for DNS elements, there should be no change.  By
intent, the onion names are not to be presented to the DNS by what's in
category 2 and 3 (Applications and Name Resolution APIs respectively).  I
see placing any requirement on DNS elements - and by that I mean the
software used to implement the DNS standard - as a bad idea, under the
heading of "permanent fix to a temporary situation."  (I.e., Tor may not
be permanent, if it is, as software matures onion names will not be in DNS
queries.)

        I do think the privacy leakage issues from .onion names being treated 
as normal DNS queries are a significant issue, and likely to be one that will 
increase, not decrease, with broader Tor adoption and understanding.

        I agree that as software matures .onion names will not be in DNS 
queries - and I believe that specifying that behaviour in the RFC is an 
entirely appropriate way to accelerate that. Software adoption does not arrive 
at a mature state spontaneously; the first step to adoption is specifying what 
the correct behaviour should be. Unless a specific strong argument can be made 
that appropriate dealing with .onion names should only be in client libraries 
but not in DNS resolution libraries, changing resolution for .onion appears to 
be a useful way to mitigate a known problem.

        David
