
Re: [tor-dev] Proposal 274: A Name System API for Tor Onion Services



Hi,

Why run a separate process instead of using a Unix socket or a TCP socket?

> Since a Namecoin domain can point to IP addresses and ICANN-based DNS
> names in addition to onion service names, and a Namecoin domain owner
> might wish to switch between these configurations without causing
> downtime or forcing their users to change behavior, I recommend against
> this.  However, see the open question below:

> Open question: If a Namecoin domain points to an onion service, end
> users might expect encryption to be built in, and this assumption will
> be violated if the Namecoin domain switches to using an IP address.
> However, Namecoin domains can include TLS fingerprints, which would be
> enforced for both the IP address and the onion service address.  Is it
> sufficient to tell users that TLS is required if they want encryption
> for Namecoin-addressed services, or is some additional mechanism
> needed here to avoid bad things?

How about specifying whether the Namecoin domain should point to .onion
or clearnet in the domain?  We can require that TLDs for such services
must end in either:

o o: The name points to a .onion name.

o i: The name points to an IP address.

o a: The name points to a clearnet domain name.

So example.zkeyo points to 66tluooeeyni5x6y.onion.  example.zkeyi
points to 192.0.2.1 or (and?) 2001:db8::1.  example.zkeya points to
example.com.

Vina Gaff


_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
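
The suffix rule suggested in the message above (last letter of the TLD is o, i or a) can be enforced on the client side so that a name promising an onion service is rejected if it starts resolving to an IP address or clearnet name. The following is an added example, not part of the message or of Proposal 274; the function names are hypothetical, and accepting both 16- and 56-character onion addresses is an assumption.

```python
import ipaddress
import re

# Suffix letters from the message: o = .onion, i = IP address, a = clearnet name.
# Assumption: 16-character (as in the message) and 56-character onion addresses.
ONION_RE = re.compile(r"^(?:[a-z2-7]{16}|[a-z2-7]{56})\.onion$")
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)


def classify_target(target):
    """Return 'o', 'i' or 'a' for a resolved value, or None if it fits none."""
    value = target.strip().lower().rstrip(".")
    try:
        ipaddress.ip_address(value)  # handles both IPv4 and IPv6
        return "i"
    except ValueError:
        pass
    if value.endswith(".onion"):
        # Under .onion only a well-formed onion address counts; it is never
        # allowed to fall through and be treated as a clearnet name.
        return "o" if ONION_RE.match(value) else None
    return "a" if HOSTNAME_RE.match(value) else None


def check_resolution(name, targets):
    """Accept a lookup only if every target is the kind the TLD suffix promises."""
    labels = name.strip().lower().rstrip(".").split(".")
    if len(labels) < 2 or not labels[-1]:
        return False, "name has no TLD"
    promised = labels[-1][-1]
    if promised not in ("o", "i", "a"):
        return False, "TLD does not end in o, i or a"
    if not targets:
        return False, "no targets returned"
    for target in targets:
        kind = classify_target(target)
        if kind != promised:
            return False, f"{target!r} is kind {kind!r}, {name!r} promises {promised!r}"
    return True, "ok"


if __name__ == "__main__":
    # Names and addresses below are the ones used in the message.
    print(check_resolution("example.zkeyo", ["66tluooeeyni5x6y.onion"]))
    print(check_resolution("example.zkeyi", ["192.0.2.1", "2001:db8::1"]))
    print(check_resolution("example.zkeyo", ["192.0.2.1"]))  # rejected: onion name, IP target
```
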