Re: Browsers and .onion names

On 29/11/2015 2:24 p.m., Alex Rousskov wrote:
> On 11/25/2015 10:29 PM, Mark Nottingham wrote:
> 
> 
>> Now that we have RFC7686, there's a new requirement applicable to HTTP clients:
> 
> That requirement is for RFC 7686 applications, not HTTP applications. If
> some HTTP applications decide to comply with RFC 7686, then they may do
> so, of course, but that decision has pretty much nothing to do with HTTP.
> 
> Proof: If the requirement were to apply to all HTTP clients, RFC 7686
> would have been marked as "updating" HTTP (and 100s of other protocols
> with RFCs).
> 
> The discussion should probably stop here because the problems with that
> RFC are not related to HTTP.
> 
> 
> 
>> Is this just a misunderstanding about the word "use" [...]?
> 
> ...
> 
>> I (and I think most others) read that as being in the context of the
>> operation of the DNS protocol (given the nature of the registry).
> 
> Is routing all HTTP requests for .onion URLs to a
> big-brother.example.com HTTP proxy considered "use", even if there are
> no DNS operations involved?
> 
> Is logging details of all HTTP requests for .onion URLs in a special
> NFS-mounted big-brother.log file considered "use", even if there is no
> DNS operations involved?
> 
> 
> AFAICT, given the presumed nature of the problem, RFC 7686 ought to
> cover any sharing of the domain name with services outside application
> control (including log processing services, some HTTP peers, and DNS
> servers). DNS lookup is just one [common] example of using such services.


Very good questions. Note that...

If you can answer "yes" to any of them, there are MUST that need to be
complied with.

If you answer "no" to all of them, there are SHOULD that need to be
complied with,

Under no circumstances is non-implementation (non-compliance) of this
RFC permitted (by it, and it alone). And people are starting to file bug
reports about that against HTTP agents. See the problem?

Amos

Received on Sunday, 29 November 2015 03:50:59 UTC