Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tld-00.txt> (The .onion Special-Use Domain Name) to Proposed Standard

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



As someone with moderate experience in both DNS and web server configuration, FWIW I found the meaning relatively obvious. The notion that HTTP Host headers might be used to change web server response independent of name resolution (e.g. that two names that return identical responses to every possible DNS query, but produce different web server responses) has been fairly intrinsic to how web servers operate for a couple of decades now, and this seems a simple but useful clarification regarding how this operates for .onion names to me. 

David

On 17 Jul 2015, at 11:17 pm, Eliot Lear <lear@xxxxxxxxx> wrote:

Hi Richard,

Thanks for the explanation.  Please see below.

On 7/17/15 4:38 PM, Richard Barnes wrote:
On Fri, Jul 17, 2015 at 4:20 PM, Eliot Lear <lear@xxxxxxxxx> wrote:
I have no particular objection to the concept here, but I do have a
question about one sentence in the draft.  Section 1 states:
  Like Top-Level Domain Names, .onion addresses can have an arbitrary
  number of subdomain components.  This information is not meaningful
  to the Tor protocol, but can be used in application protocols like
  HTTP [RFC7230].

I honestly don't understand what is being stated here, or why a claim is
made about HTTP at all in this document.  Are we talking about the
common practice of www.example.com == example.com?  And what
significance does that last phrase have to the document?
I made a comment on this to the authors earlier, and they decided to
leave it as-is :)

The idea is that TOR routing will only use the first label after
.onion, but if you're using the .onion name in an application, that
application might use the whole name.  For example, if you put
"http://mail.example.onion/", TOR will route on "example.onion", but
the HTTP Host header might be "mail.example.onion".

-

I just leave the IESG and WG with the comment that two of us "old
timers" are trying to divine the meaning of those two sentences, and
that can't be good for others with (even) less clue.  Personally I think
the easiest approach is to remove those two sentences, but if others
really disagree, then a bit more clarity seems in order.

Eliot


_______________________________________________
DNSOP mailing list
DNSOP@xxxxxxxx
https://www.ietf.org/mailman/listinfo/dnsop

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail


[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]