Re: Browsers and .onion names

Hi Cory,

On 11/29/15 10:52 AM, Cory Benfield wrote:
> Mark,
>
> I’m sorry if I was insufficiently clear. When I said “rely on users not to just throw .onion names into every settings field they find”, I specifically meant that many applications have settings fields that allow users to provide names that will be looked up. For example, at my previous employer we had a RADIUS implementation that would talk over the network, and so would emit a DNS lookup. Are we really saying that that software should be filtering .onion names because a telco operator *might* put a .onion name into the “RADIUS server” configuration field?

I'm still not entirely clear on what the concern is.  I *think* what is
being said is the following:

 1. .onion requires special handling.
 2. If you don't know how to handle it, pass an error back to the user.
 3. If you're about to query the DNS for a .onion name, then you don't
    know how to handle it.

Whether this is with a browser or curl or something else, that seems to
make sense to me.  I could easily envision a proxy that can handle
.onion.  That means one might never get to step 3 if you're using a proxy.

Or have I missed the point?

Eliot

Received on Sunday, 29 November 2015 18:46:24 UTC