Re: [tor-dev] Special-use-TLD support

Subject: Re: [tor-dev] Special-use-TLD support

From: Tim Wilson-Brown - teor <teor2345@xxxxxxxxx>

Date: Mon, 28 Sep 2015 16:13:05 +0200

Delivery-date: Mon, 28 Sep 2015 10:13:20 -0400

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:message-id :references:to; bh=1ppvej+aKkjYcgQNGeFjipBl3UmODh60jm4XJaUTYyY=; b=rdbmALffFtkYz4IXZ1sUVOZfjNe0dKoucuyeJVglpwxICPTT7CLblXyjUhRzJbHEpq GxtdHWxZYXjKs24mByvA6j7rtpHJnizuwT7T0Z/i8o1wmYui+U5I3DjXwv7z98Ed++NM EQxqYtJp1iAHTOtre/xKI8jl6YT5K+uZOzXJLM6GhBhMsJll8f2wRBpgRfrKJxJ5kTgR S8sLnML5zgRVFes12jXY81Ux7Peqblt8C3FRbpyc6mkG/dHRNBi6kRSpeC2YDs+kSxFb YXlq0x+7Vcb8xR3qgwYOeYXFtdyDkfZ1SPpPu4a6jXIdMQSoEVg0wtOCn2S3/WwtqMgP tiqA==

In-reply-to: <1443446447.1686.62.camel@xxxxxxxxxx>

List-archive: <http://lists.torproject.org/pipermail/tor-dev/>

List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>

List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>

List-post: <mailto:tor-dev@lists.torproject.org>

List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>

List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>

References: <1443376037.1686.18.camel@xxxxxxxxxx> <2DFD1A9F-77D4-4A58-B124-FF535C73A867@xxxxxxxxx> <1443446447.1686.62.camel@xxxxxxxxxx>

Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx

Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

On 28 Sep 2015, at 15:20, Jeff Burdges <burdges@xxxxxxxxxx> wrote:

Are multiple NameSubstitution rules applied in the order they are
listed?

For example:
NameSubstitution .com .net
NameSubstitution .example.net .example.org

What does foo.example.com get transformed into?

In principle, one could apply the most specific (longest) rule, but..

My prejudice is that disjointness should be enforced for anything in
the torrc. Otherwise, one must worry more about attackers modifying
torrc files.

I donât believe this is part of our standard threat models - torrc files are generally trusted.

Are trailing periods significant?

I believe they do not make sense. DNS names may not end in a period,
so this is covered by the references I gave, not sure if I speced it
correctly though.

Fully Qualified Domain Names (FQDNs) end with a period.

They are a absolute domain name reference, rather than domain names without periods, which can have search domains appended by the browser or OS.

https://en.wikipedia.org/wiki/Fully_qualified_domain_name

Tim

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP 968F094B

teor at blah dot im
OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

_______________________________________________ tor-dev mailing list tor-dev@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev