Moin!

On 17 Jul 2015, at 8:00, Hugo Maxwell Connery wrote:

> For those who are trying to provide their comments to the
> 6761 discussions, I highly recommend:
>
> 1. go to https torproject org and download the client
> 2. Have wireshark / ethereal
> 3. Start 2 and then 3 and see what happens on the wire.

Can you for us uninformed please elaborate what happens? That way I don't have to go to all that. Am I right that there is leakage of dns requests with .onion TLDs? If so, isn't that a bug in their software?

Looking from a purely DNS perspective this draft says, alter all your DNS clients, resolvers and even authoritative servers (who never would get a request for .onion anyway) to do something different than what is in the protocol specs. Seems a bit broad to me. But most of the discussion seemed to focus on OSI layers above DNS (mostly above 7), so I didn't follow it too much.

> (Sorry; there have been many comments which displayed a lack
> of understanding of Tor from persons whose comments seem deserving
> of respect but seem under-informed).

This is the dnsop working group, so I'm not sure if I have to know TOR to participate here. I assume that people in here have a basic understanding of the dns protocol (knowledge in operating DNS servers also might help as it is an ops group), and that everything else has to be explained in the draft. If my understanding of the problem (leakage) is incorrect then it hasn't done a good job there.

I'm ok with .onion being a special name, but we should just do that by normal DNS mechanism. What's wrong with answering REFUSED? Answering NXDomain is much harder in a DNSSEC world.

So long
-Ralf

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop