Alec,

On Mar 17, 2015, at 9:20 AM, Alec Muffett <[email protected]> wrote:

> Christian's response clearly distinguishes the separateness of Jake & my
> document "draft-appelbaum-dnsop-onion-tld-00.txt" from his
> "draft-grothoff-iesg-special-use-p2p-names".
Yes. Hopefully, a revised version of draft-grothoff will be provided at some
point, however that's unrelated to your draft.
> In my previous e-mail I have outlined the goals of
> “draft-appelbaum-dnsop-onion-tld-00.txt” and will happily address any
> further questions.
Some thoughts on draft-appelbaum:
* In section 2:
" 2. Application Software: Applications that implement the Tor
protocol MUST recognize .onion names as special by either
accessing them directly, or using a proxy (e.g., SOCKS [RFC1928])
to do so. Applications that do not implement the Tor protocol
SHOULD generate an error upon the use of .onion, and SHOULD NOT
perform a DNS lookup."
I might revise the second sentence to say:
"Applications that do not implement the Tor protocol will be unaware of the
special treatment of the .onion domain, however in keeping with all names found
in the Special Names Registry, such applications SHOULD generate an error upon
use of .onion names and MUST NOT perform a DNS lookup."
(this makes the assumption that the namespace defined by the Special Names Registry
is not the DNS namespace)
" 3. Name Resolution APIs and Libraries: Resolvers that implement the
Tor protocol MUST either respond to requests for .onion names by
resolving them (see [tor-rendezvous]) or by responding with
NXDOMAIN. Other resolvers SHOULD respond with NXDOMAIN."
I'd probably revise this to:
3. Name Resolution APIs and Libraries: APIs and libraries that implement
the Tor protocol MUST either respond to requests for .onion names by
resolving them (see [tor-rendezvous]) or by responding with
NXDOMAIN. APIs and libraries that do not implement the Tor protocol
will be unaware of the special treatment of the .onion domain, however
in keeping with all names in the Special Names Registry, calls with
.onion names SHOULD generate an error and MUST NOT perform a DNS
lookup.
" 4. Caching DNS Servers: Caching servers SHOULD NOT attempt to look
up records for .onion names. They SHOULD generate NXDOMAIN for
all such queries.
5. Authoritative DNS Servers: Authoritative servers SHOULD respond
to queries for .onion with NXDOMAIN."
In both of these, why not "MUST" instead of "SHOULD"?
In section 4:
" .onion names are often used provide access to end to end encrypted,"
Probably should be "... used to provide ...". Stylistically, might also say
"end-to-end".
Hope this helps.
Regards,
-drc
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
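As an added illustration of the behaviour the suggested wording for sections 3 to 5 asks of software that does not speak Tor (this is example code written for this page, not part of the draft or of any Tor or DNS implementation): a small policy layer in front of a resolver that answers any .onion query with NXDOMAIN, raises an error at the API level, and never forwards such a name upstream. The name matching, the `CachingResolver`/`getaddrinfo_policy` names, the treatment of the bare `onion.` label as special, and the upstream stub with its `example.com` record are all assumptions made for the example.

```python
"""Added example (not from the draft or the thread): a tiny policy layer that
enforces the .onion handling the reviewed text describes for a non-Tor
resolver or caching DNS server. A .onion query gets NXDOMAIN (or an error
for API callers) and no DNS lookup is ever issued upstream.
"""
from typing import Callable, List, Tuple

SPECIAL_TLD = "onion"


def normalize(name: str) -> List[str]:
    """Split a presentation-format name into lowercase labels, dropping the
    trailing root dot so 'Foo.ONION.' and 'foo.onion' compare equal."""
    name = name.strip().rstrip(".").lower()
    return [label for label in name.split(".") if label]


def is_onion(name: str) -> bool:
    """True if the rightmost label is the special-use TLD 'onion'.
    Assumption: the bare TLD ('onion.') is treated as special as well,
    since the draft wants NXDOMAIN for 'all such queries'."""
    labels = normalize(name)
    return bool(labels) and labels[-1] == SPECIAL_TLD


class CachingResolver:
    """Minimal caching-resolver front end. `upstream` is whatever actually
    sends DNS queries; every name handed to it is recorded so a test can
    prove that .onion names never reach it."""

    def __init__(self, upstream: Callable[[str, str], List[str]]):
        self.upstream = upstream
        self.forwarded: List[Tuple[str, str]] = []

    def query(self, name: str, rtype: str = "A") -> Tuple[str, List[str]]:
        """Return (rcode, answers). Sections 4/5 behaviour: NXDOMAIN for
        .onion without any lookup; everything else goes upstream."""
        if is_onion(name):
            return ("NXDOMAIN", [])
        self.forwarded.append((name, rtype))
        answers = self.upstream(name, rtype)
        return ("NOERROR" if answers else "NXDOMAIN", answers)


class OnionNameError(ValueError):
    """Raised by the API wrapper for a .onion name (section 3: 'SHOULD
    generate an error')."""


def getaddrinfo_policy(resolver: CachingResolver, name: str) -> List[str]:
    """API/library behaviour for software that does not speak Tor: fail
    before any DNS traffic is generated, rather than returning NXDOMAIN."""
    if is_onion(name):
        raise OnionNameError(
            f"{name!r} is a .onion special-use name; not resolved via DNS")
    _rcode, answers = resolver.query(name, "A")
    return answers


# Constructed upstream stub standing in for a real recursive lookup.
FAKE_ZONE = {"example.com": ["192.0.2.1"]}


def fake_upstream(name: str, rtype: str) -> List[str]:
    """Pretend recursive resolver: answers only from the constructed zone."""
    key = ".".join(normalize(name))
    return FAKE_ZONE.get(key, [])


if __name__ == "__main__":
    r = CachingResolver(fake_upstream)
    # 'abcdefghijklmnop.onion' is a constructed placeholder, not a real service.
    print(r.query("abcdefghijklmnop.onion.", "A"))  # ('NXDOMAIN', [])
    print(r.query("example.com", "A"))             # ('NOERROR', ['192.0.2.1'])
    print(r.forwarded)                             # only example.com was sent upstream
```

The `forwarded` list is the check a reviewer would want: after a mix of .onion and ordinary names, only the ordinary names appear in it, which is the observable difference between "SHOULD NOT perform a DNS lookup" and merely returning NXDOMAIN after a leaky query.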
