Hi Cory,
On 11/29/15 10:52 AM, Cory Benfield wrote:
> Mark,
>
> I’m sorry if I was insufficiently clear. When I said “rely on users not to just throw .onion names into every settings field they find”, I specifically meant that many applications have settings fields that allow users to provide names that will be looked up. For example, at my previous employer we had a RADIUS implementation that would talk over the network, and so would emit a DNS lookup. Are we really saying that that software should be filtering .onion names because a telco operator *might* put a .onion name into the “RADIUS server” configuration field?

I'm still not entirely clear on what the concern is. I *think* what is
being said is the following:

1. .onion requires special handling.
2. If you don't know how to handle it, pass an error back to the user.
3. If you're about to query the DNS for a .onion name, then you don't
   know how to handle it.

Whether this is with a browser or curl or something else, that seems to
make sense to me. I could easily envision a proxy that can handle
.onion. That means one might never get to step 3 if you're using a proxy.

Or have I missed the point?

Eliot
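
The three steps listed in the message above, sketched as an added example that is not part of the original e-mail or anyone's actual implementation: a lookup wrapper that checks for .onion before any DNS query is made, hands the name to a proxy if one is configured, and otherwise returns an error. The names `resolve`, `is_onion`, `OnionNotSupported`, the hostnames and the proxy address are all assumptions made for illustration.

```python
import socket


class OnionNotSupported(Exception):
    """Raised instead of sending a .onion name to the DNS."""


def is_onion(name):
    # Match on the final label only, case-insensitively, ignoring a
    # trailing root dot, so "onion.example.com" is not caught.
    labels = name.rstrip(".").lower().split(".")
    return labels[-1] == "onion"


def resolve(name, port, onion_proxy=None, dns_lookup=socket.getaddrinfo):
    """Decide how to reach name:port.

    Returns ("proxy", onion_proxy, name) when a .onion-capable proxy is
    configured (the name is passed on unresolved), or
    ("direct", addrinfo) after an ordinary DNS lookup.
    """
    if is_onion(name):
        if onion_proxy is None:
            # Step 3 would be next: we are about to query the DNS for a
            # .onion name, so we do not know how to handle it (step 2).
            raise OnionNotSupported(
                "%s needs .onion-aware handling; not sent to DNS" % name)
        return ("proxy", onion_proxy, name)
    return ("direct", dns_lookup(name, port))


if __name__ == "__main__":
    # Constructed stand-in for the system resolver so the demo runs offline.
    def fake_lookup(name, port):
        return [("constructed-addrinfo", name, port)]

    # Constructed sample values for a "RADIUS server" settings field.
    for host in ("radius.example.com", "radius.example.onion"):
        try:
            print(host, "->", resolve(host, 1812, dns_lookup=fake_lookup))
        except OnionNotSupported as exc:
            print(host, "-> error:", exc)
    # Assumed local SOCKS proxy address; with it set, step 3 is never reached.
    print(resolve("radius.example.onion", 1812,
                  onion_proxy=("127.0.0.1", 9050), dns_lookup=fake_lookup))
```
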