Hi Hellekin!
I would agree that leak avoidance is “a major” rather than “the prime”
point of having .onion reserved as a TLD.
There are many good reasons for reserving “.onion” as a TLD, including but
not limited to:
- avoiding leaks (above)
- not wasting resource on trying to resolve the “.onion” special use
domain name (flipside of above)
- SSL/TLS EV certificate issuance per CA/B Forum Ballot 144
- ...meaning that sites can adopt a “.onion” address without reworking
their HTTPS code
- ...and also that EV site attestation works, to the extent that that may
be valuable (eg: SecureDrop site for <NEWSPAPER>)
- generally putting “.onion” on an official footing / erasing doubt
Folk more creative than I can certainly add to this list, though as you
say privacy (esp: organisations watching for people doing errant onion
lookups) are a risk to the privacy of individual users!
- alec
On 3/24/15, 10:45 PM, "hellekin" <[email protected]> wrote:
>*** Well, although you're right as far as *applications* are concerned,
>this is still a big deal because humans are using these applications,
>and that's the prime interest of having such a TLD reserved in the first
>place, that the DNS does not propagate any leak. So I agree with your
>amendment, but not with the "not a big deal" statement, which completely
>ignores the fundamental privacy implications of such leaks to the DNS.
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop