On 03/03/2014 09:25 AM, Norbert Bollow wrote:
> Warren makes a strong argument in favor of .alt I think.
>
> Another related aspect is that if something like onion.notreallydns.org
> is used, with notreallydns.org registered for the specific purpose of
> providing a home for one or more non-resolving dns-like names, it
> is very non-trivial to guarantee that whoever has registered the
> notreallydns.org name will continue paying the yearly fees forever. If
> the registration lapses, an attacker could become the new holder of the
> notreallydns.org domain and use it to snoop and/or serve malware...
>

more generally, even if one person/institution holds that name forever,
they/it can change their mind about catching the data there (and/or
responding to it).

So your protocol/security tradeoffs change when this approach is chosen
compared to reserving it for explicit non-use. While the reservation can
be pulled anyway, IMO it would be a much greater barrier should one try
to do so.

(not leaning either way myself at this point)

Jelte

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop