On Tue, May 12, 2015 at 2:29 AM, hellekin <helle...@gnu.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> On 05/11/2015 08:21 PM, Alec Muffett wrote:
>>
>> This might be an issue so long as your threat model includes blindly
>> unaware users who are typing ".onion" addresses into non-Tor-capable
>> browsers in the (presumably first-time) expectation that it will work
>>
> *** You probably mean to say: human beings.
>
>>
>> ...on a network infrastructure which is thoroughly pwned by a capable
>> bad actor.
>>
> *** You probably mean: the Internet.
>
>>
>> Please explain the contradiction, I fail to see it?
>>
> *** How can you fail to see that P2PNames says "Users can use these
> names as they would other domain names", while OnionTLD says they cannot?

I'm a little confused / would like some clarifications. Which of the two below is your preferred outcome:

1: .onion is reserved as a special use name, using the draft-appelbaum-dnsop-onion-tld document, with the (alleged) warts, or:

2: you toss a bunch of hand-grenades, alienate most of the working group with pissy / passive-aggressive comments, *both* documents get stuck in a morass of sniping and .onion doesn't get reserved?

Because at the moment it looks like #2 is where things are headed...

Sometimes the perfect is the enemy of the good.
Pragmatism over Idealism
Tuppence more and up goes the donkey!
How's your granny off for soap?
Other Platitudes Inserted Here.

W

>
>>
>> As before, ignoring the potential for privacy-leakage of which site
>> you are seeking to connect to, this notion of "ZOMG THEY COULD HIJACK
>> THE SITE!!!!" is not a problem if you're using Tor-enabled software
>> and have awareness of the issue, per the draft security
>> considerations.
>>
> *** So you recognize that if your Tor setup is wrong, and you're not
> aware of this, then it could happen that a malicious entity could serve
> a copy of the original site, but resolved over the DNS. This to me,
> sounds like the well-documented--not hypothetical--abuses of NXDOMAIN
> that were historically performed by Verisign, Comcast, and others. Are
> you sure you still don't see any difference at all between MUST and SHOULD?
>
> ==
> hk
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
>
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop

--
I don't think the execution is relevant when it was obviously a bad idea in the first place.
This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants.
   ---maf