IETF Logo Mail Archive

Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt> (The .onion Special-Use Domain Name) to Proposed Standard

Sam Hartman <hartmans-ietf@mit.edu> Tue, 21 July 2015 14:16 UTC

Return-Path: <hartmans@mit.edu>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 173091B2D81 for <ietf@ietfa.amsl.com>; Tue, 21 Jul 2015 07:16:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.235
X-Spam-Level:
X-Spam-Status: No, score=-1.235 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_SOFTFAIL=0.665] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 58yEe20Lfpyj for <ietf@ietfa.amsl.com>; Tue, 21 Jul 2015 07:16:18 -0700 (PDT)
Received: from mail.painless-security.com (mail.painless-security.com [23.30.188.241]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DA4681B2D95 for <ietf@ietf.org>; Tue, 21 Jul 2015 07:16:17 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.painless-security.com (Postfix) with ESMTP id 0093E20757; Tue, 21 Jul 2015 10:15:55 -0400 (EDT)
Received: from mail.painless-security.com ([127.0.0.1]) by localhost (mail.suchdamage.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TtpPw9-7SFwV; Tue, 21 Jul 2015 10:15:54 -0400 (EDT)
Received: from carter-zimmerman.suchdamage.org (unknown [31.133.138.149]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "laptop", Issuer "laptop" (not verified)) by mail.painless-security.com (Postfix) with ESMTPS; Tue, 21 Jul 2015 10:15:54 -0400 (EDT)
Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id 5285E82120; Tue, 21 Jul 2015 10:16:15 -0400 (EDT)
From: Sam Hartman <hartmans-ietf@mit.edu>
To: Ted Lemon <ted.lemon@nominum.com>
Subject: Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt> (The .onion Special-Use Domain Name) to Proposed Standard
References: <CD5AD7A8CCF5852BB1CE0AC1@JcK-HP5.jck.com> <DCB0DEDD-9B0F-4103-BA28-4265F20F9BAA@nominum.com> <DFB8A13C069E919B80105032@JcK-HP5.jck.com> <BF3E292D-7A3C-48D5-9B87-63B9675D098F@nominum.com> <CAKr6gn0r8VShe==CMSA=AkOH02SgXUpFARd8eiE=eP_tRS5kOA@mail.gmail.com> <E28EA91B-0F4A-4090-9C9A-0BA1325ECC34@nominum.com> <tsly4i9zq89.fsf@mit.edu> <63FECA0D-0AAD-46A9-BD42-5CB36C42DBB6@nominum.com>
Date: Tue, 21 Jul 2015 10:16:13 -0400
In-Reply-To: <63FECA0D-0AAD-46A9-BD42-5CB36C42DBB6@nominum.com> (Ted Lemon's message of "Tue, 21 Jul 2015 08:25:58 -0400")
Message-ID: <tsllhe9zjde.fsf@mit.edu>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/u30KWy8ZbxW1xxgO9xU3qT_wGs8>
Cc: John C Klensin <john-ietf@jck.com>, Sam Hartman <hartmans-ietf@mit.edu>, IETF Discussion Mailing List <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Jul 2015 14:16:19 -0000

>>>>> "Ted" == Ted Lemon <ted.lemon@nominum.com> writes:

    Ted>    Absolutely.  However, it is perhaps worth noting that there
    Ted> is a long-standing solution to the problem that
    Ted> doesn€™t require socks: nsswitch.conf.
    Ted> It€™s not the right architectural solution either,
    Ted> for a couple of reasons: not an appropriate UI for non-hackers,
    Ted> and a bit too dependent on the list of things switched being
    Ted> small.  But the point is that this is actually a pretty
    Ted> well-understood problem, and if, as a policy, we continue to
    Ted> add special-use names as required, the solution to the problem
    Ted> of how to handle these special-use names in the host stack is
    Ted> already well understood.

At least on my OS, nsswitch.conf only allows me to change name
resolution.
It doesn't allow me to connect to a hidden service without modifying my
application.
(There's no IP address corresponding to  the application.)
I could I guess allocate a IPv6 ULA (or site-local eve) block to a local
tun adapter, have a name service engine that allocated addresses in that
range to hidden services, and then grab the packets out of that tun
interface, map back to v4, and run through TOR.

However, both the sox approach and what I'll call the
nsswitch+extra_complexity approach have a dependence on DNS in common.
The slot that my application has is a hostname slot, not a URI slot when
interacting with the network layer.

--Sam

v2.23.0 | Report a Bug | By Email