On 11/29/15, Philip Homburg <pch-dn...@u-1.phicoh.com> wrote:
>> .onion was the chosen approach precisely because nothing else but lookup
>> and subsequent routing has to change; there are no other application-level
>> decisions about .onion, and that's a feature. HTTP still works, TLS still
>> works (once you can get a cert), links still work, HTML still works.
>> Same-origin policy still works.
>
> Call me old-fashioned, but I think this is silly.
>
> The purpose of the domain name system is to name things. We have IP
> addresses and we want to refer to them using names. We do the same thing
> with mail domains, etc.

That is not the sole purpose - we use DNS for keys, for time stamps, for
data of all kinds.

> In goes a name, out comes some lower level entity.
>
> In this context an onion address should have been an 'IN ONION', i.e.,
> www.example.com might have an 'IN ONION' address for use with TOR.

And that would also require special handling...

> Now instead, .onion doesn't map to anything. In goes an onion address (and
> not a name), out comes nothing. All .onion does is signal a particular
> transport protocol.

The above is pretty much entirely false. It does map to things. It does
also do more than signal a transport protocol. It is also a secure,
self-authenticating name. The name is itself meaningful in a global context.

> So it is a clear abuse of the domain name system. It might be that it is
> the best option. But my guess is that it was just the easiest hack to get it
> working.

I'd hardly call all of this work easy, but I hear your point.

All the best,
Jacob

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
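Added illustration of the "self-authenticating name" point above (not part of the thread): a v3 .onion label, as later specified in Tor's rend-spec-v3, is the service's ed25519 public key plus a checksum, so a verifier recovers and checks the key from the name itself without consulting any resolver. The layout and checksum construction are taken from that spec; the sample key is constructed.

```python
import base64
import hashlib
from typing import Optional

# v3 .onion label layout (Tor rend-spec-v3): 56 base32 chars decoding to 35 bytes,
# laid out as 32-byte ed25519 public key || 2-byte checksum || version byte 0x03.
VERSION = b"\x03"
ONION_SUFFIX = ".onion"


def onion_checksum(pubkey: bytes) -> bytes:
    """Checksum binding the label to the key: SHA3-256(".onion checksum" || key || version)[:2]."""
    digest = hashlib.sha3_256(b".onion checksum" + pubkey + VERSION).digest()
    return digest[:2]


def onion_v3_from_pubkey(pubkey: bytes) -> str:
    """Derive the .onion name from a 32-byte ed25519 public key (the name IS the key)."""
    if len(pubkey) != 32:
        raise ValueError("ed25519 public key must be 32 bytes")
    raw = pubkey + onion_checksum(pubkey) + VERSION
    return base64.b32encode(raw).decode("ascii").lower() + ONION_SUFFIX


def parse_onion_v3(name: str) -> Optional[bytes]:
    """Return the ed25519 public key embedded in a v3 .onion name, or None when the
    name does not self-authenticate (wrong length, bad base32, checksum or version).
    No DNS lookup is involved: everything needed to verify the name is in the name."""
    label = name.strip().lower().rstrip(".")
    if label.endswith(ONION_SUFFIX):
        label = label[: -len(ONION_SUFFIX)]
    if len(label) != 56:
        return None
    try:
        raw = base64.b32decode(label.upper())  # b32decode wants the uppercase alphabet
    except ValueError:
        return None
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:35]
    if version != VERSION or checksum != onion_checksum(pubkey):
        return None
    return pubkey


if __name__ == "__main__":
    sample_key = bytes(range(32))  # constructed sample key, not a real service
    name = onion_v3_from_pubkey(sample_key)
    print(name, parse_onion_v3(name) == sample_key)
```

Because the version byte 0x03 occupies the last five bits of the encoding, every valid v3 name ends in "d"; altering that character or any key byte makes the check fail.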