First, sorry, I don't know why I wrote "section 4"; this is section 2, but I think you understood me.
On Mon, Mar 23, 2015 at 12:57:53PM +0000, Alec Muffett wrote:
> a) the software in question is talking to a Tor proxy which acts as a
> gateway to the Tor network (and to the rest of the internet-via-Tor) which
> resolves ".onion" addresses meaningfully, or else:
>
> b) the software in question is *not* talking to a Tor proxy, and therefore
> cannot meaningfully resolve or communicate with onion addresses, nor use
> the Tor network.

This is what I assumed. The key point is that it doesn't break anything that ought to be depending on those onion addresses, so even if somehow the onion name leaked and ended up in the DNS, it's not a big deal because it won't negatively affect correctly-implemented onion-using clients and it won't negatively affect anyone trying to use onion in the DNS (because there shouldn't be any such person).

It might be worth adding a sentence or two after the list in section 2 to that effect. Perhaps, "It is important to note that any contamination of DNS caches with onion names cannot have a negative effect on any correctly-operating software. No application implementing Tor should be looking these names up in the DNS and no Tor-unaware application should expect to look up these names successfully." (I once before had someone claim to me that the latter isn't actually true, but I think it must be or the description of onion in this draft is completely wrong.)

Best regards,

A

>
> If the software is somehow both talking and bypassing the proxy, my sense
> is that it would be the software's responsibility to deal with the
> self-imposed complex situation in a sane manner; an example of this might
> be http://en.wikipedia.org/wiki/Tor2web
>
> -a
>
>
> On 3/21/15, 11:12 PM, "Andrew Sullivan" <a...@anvilwalrusden.com> wrote:
>
> >In section 4, 3-5, what if a "synthetic" NXDOMAIN gets generated and
> >cached? Will that have any effect on .onion resolution? If this is
> >explained in detail in some thing I've failed to follow, a simple
> >reference would be enough.
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop

--
Andrew Sullivan
a...@anvilwalrusden.com