On 05/11/2015 08:21 PM, Alec Muffett wrote:
>
> This might be an issue so long as your threat model includes blindly
> unaware users who are typing ".onion" addresses into non-Tor-capable
> browsers in the (presumably first-time) expectation that it will work
>
*** You probably mean to say: human beings.

>
> ...on a network infrastructure which is thoroughly pwned by a capable
> bad actor.
>
*** You probably mean: the Internet.

>
> Please explain the contradiction, I fail to see it?
>
*** How can you fail to see that P2PNames says "Users can use these
names as they would other domain names", while OnionTLD says they
cannot?

>
> As before, ignoring the potential for privacy-leakage of which site
> you are seeking to connect to, this notion of "ZOMG THEY COULD HIJACK
> THE SITE!!!!" is not a problem if you're using Tor-enabled software
> and have awareness of the issue, per the draft security
> considerations.
>
*** So you recognize that if your Tor setup is wrong, and you're not
aware of this, then it could happen that a malicious entity could serve
a copy of the original site, but resolved over the DNS. This, to me,
sounds like the well-documented--not hypothetical--abuses of NXDOMAIN
that were historically performed by Verisign, Comcast, and others.

Are you sure you still don't see any difference at all between MUST and
SHOULD?

==
hk

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop