Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tld-00.txt> (The .onion Special-Use Domain Name) to Proposed Standard

> On 15 Jul 2015, at 8:42 pm, Edward Lewis <edward.lewis@xxxxxxxxx> wrote:
> 4. Caching DNS Servers and
> 5. Authoritative DNS Servers
> 
> I really believe that for DNS elements, there should be no change.  By
> intent, the onion names are not to be presented to the DNS by what's in
> category 2 and 3 (Applications and Name Resolution APIs respectively).  I
> see placing any requirement on DNS elements - and by that I mean the
> software used to implement the DNS standard - as a bad idea, under the
> heading of "permanent fix to a temporary situation."  (I.e., Tor may not
> be permanent, if it is, as software matures onion names will not be in DNS
> queries.)

	I do think the privacy leakage issues from .onion names being treated as normal DNS queries are a significant issue, and likely to be one that will increase, not decrease, with broader Tor adoption and understanding.

	I agree that as software matures .onion names will not be in DNS queries - and I believe that specifying that behaviour in the RFC is an entirely appropriate way to accelerate that. Software adoption does not arrive at a mature state spontaneously; the first step to adoption is specifying what the correct behaviour should be. Unless a specific strong argument can be made that appropriate dealing with .onion names should only be in client libraries but not in DNS resolution libraries, changing resolution for .onion appears to be a useful way to mitigate a known problem.

	David
