[tor-dev] Proposal 274: A Name System API for Tor Onion Services

i9nvrppj at tutanota.com
Sat Oct 8 15:51:32 UTC 2016


Hi,

Why run a separate process instead of using a Unix socket or TCP socket?

> Since a Namecoin domain can point to IP addresses and ICANN-based DNS
> names in addition to onion service names, and a Namecoin domain owner
> might wish to switch between these configurations without causing
> downtime or forcing their users to change behavior, I recommend against
> this.  However, see the open question below:

> Open question: If a Namecoin domain points to an onion service, end
> users might expect encryption to be built in, and this assumption will
> be violated if the Namecoin domain switches to using an IP address.
> However, Namecoin domains can include TLS fingerprints, which would be
> enforced for both the IP address and the onion service address.  Is it
> sufficient to tell users that TLS is required if they want encryption
> for Namecoin-addressed services, or is some additional mechanism
> needed here to avoid bad things?

How about specifying whether the Namecoin domain should point to .onion
or clearnet in the domain?  We can require that TLDs for such services
must end in either:

  * o: The name points to a .onion name.
  * i: The name points to an IP address.
  * a: The name points to a clearnet domain name.

So example.zkeyo points to 66tluooeeyni5x6y.onion.  example.zkeyi
points to 192.0.2.1 or (and?) 2001:db8::1.  example.zkeya points to
example.com.

Vina Gaff
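
The suffix rule proposed in the message above, sketched as a resolver-side check. This is an added example, not part of the original message or of any Tor or Namecoin code; the function names, the 16-character onion pattern and the hostname pattern are assumptions made for illustration.

```python
import ipaddress
import re

# Last letter of the TLD -> kind of target the name commits to (from the message).
SUFFIX_KINDS = {"o": "onion", "i": "ip", "a": "clearnet"}

# Assumption: 16-character base32 onion labels, as in the message's example.
ONION_RE = re.compile(r"^[a-z2-7]{16}\.onion$")
# Assumption: a conservative hostname pattern for clearnet names.
HOST_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")


def declared_kind(name):
    """Return the target kind that the name's TLD suffix declares."""
    labels = name.lower().rstrip(".").split(".")
    tld = labels[-1]
    if len(labels) < 2 or tld[-1] not in SUFFIX_KINDS:
        raise ValueError(f"{name!r}: TLD does not end in o, i or a")
    return SUFFIX_KINDS[tld[-1]]


def target_kind(target):
    """Classify a resolved target as 'onion', 'ip' or 'clearnet'."""
    t = target.lower().rstrip(".")
    if ONION_RE.match(t):
        return "onion"
    try:
        ipaddress.ip_address(t)  # accepts IPv4 and IPv6 literals
        return "ip"
    except ValueError:
        pass
    # A malformed *.onion name must not be accepted as a clearnet name.
    if HOST_RE.match(t) and not t.endswith(".onion"):
        return "clearnet"
    raise ValueError(f"unrecognised target {target!r}")


def check_resolution(name, targets):
    """Return the declared kind if every target matches it, else raise."""
    want = declared_kind(name)
    if not targets:
        raise ValueError(f"{name!r}: no targets in record")
    for t in targets:
        got = target_kind(t)
        if got != want:
            # The failure the proposal guards against: a name that promised
            # an onion service silently resolving to something else.
            raise ValueError(f"{name!r} declares {want}, record has {got}: {t!r}")
    return want
```

With this check a client refuses a record whose target type differs from what the name itself advertises, so an "o" name cannot be repointed to an IP address or clearnet host without changing the name.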
