Discuss mailing list

[<vv AT cgs.pw>]

Interesting ideas there. I just want to note though,
that the Tor DNS is not under the control of the
user/browser. AFAIK the DNS server is determined by
the exit node and you can't control that, other than
choosing another circuit.

If you're interested, the description of the design
can be found here:
https://svn.torproject.org/svn/projects/design-paper/tor-design.pdf

~ Ole


On Fri, 29 Sep 2017 23:36:41 -0400
Rouben <rouben AT rouben.net> wrote:

> I wonder if there's an API for Chrome (KHTML) and Firefox
> (Mozilla) engines to:
> 
> - override DNS or proxy (less desirable) settings - this
> would enable lookups of non-OpenNIC domains normally, and
> OpenNIC domains through predetermined DNS servers, or
> perhaps a web API (don't know if DNS lookups are possible
> from within Chrome/KHTML/Firefox/Mozilla API sandbox)?
> 
> - inject root CAs into the browser - again, not sure if
> that's doable at all with any API
> 
> So the above two are requirements to do a "proper" or
> "native" implementation of OpenNIC content access.
> Another way to do it, would be to leverage a proxy like
> http://proxy.opennicproject.org/ - proxy in a bottle so
> to speak.
> 
> Third option is to publish our own distribution of a web
> browser, like the Onion Browser project, but that's a bit
> extreme... unless perhaps we can convince the Tor project
> to modify their browser to use OpenNIC DNS by default?
> 
> Rouben
> 
> On Fri, Sep 29, 2017 at 9:42 PM, Dustin Souers
> <texnofobix AT gmail.com> wrote:
> 
> > Yes they require valid ICANN.
> >
> > I was experimenting with modifying the Let's Encrypt
> > Boulder server, but OpenNIC users would have to trust a
> > OpenNIC CA.
> >
> > On Tue, Sep 26, 2017 at 11:47 AM, Amrit Panesar
> > <neo AT 4195tech.com> wrote: 
> >> A long, long, time ago, in a thread, far, far, away,
> >>
> >> I recall discussions about using CAcert
> >>
> >> http://www.cacert.org/
> >>
> >> but I can't recall if they require an ICANN FQDN.
> >>
> >> has anyone tried recently?
> >>
> >>
> >> On Tue, Sep 26, 2017 at 5:08 AM, Al Beano
> >> <albino AT autistici.org> wrote: 
> >>> It's definitely a step forward, but there are a
> >>> couple of issues that, imo, mean we shouldn't promote
> >>> it as an alternative to just changing your DNS
> >>> settings:
> >>>
> >>> * The resolvers are run by an unknown party and we
> >>> have no idea whether they are trustworthy — at least
> >>> with OpenNIC T2s there is some level of accountability
> >>> * HTTPS doesn't work. Even TOFU TLS is better than
> >>> nothing, and we're moving towards a real CA, so this
> >>> is important.
> >>>
> >>> Maybe we could solve these issues, but I think
> >>> new/fixed windows/Mac apps would be a better idea
> >>> still.
> >>>
> >>> albino
> >>>
> >>> On 26 September 2017 11:57:49 BST, Jonah Aragon
> >>> <jonah AT triplebit.net> wrote:  
> >>> >Wow nice!
> >>> >
> >>> >I’ll test that this afternoon and add it to the wiki
> >>> >if nobody else does.
> >>> >Anyone should be able to edit that site though.
> >>> >
> >>> >Jonah
> >>> >
> >>> >On Mon, Sep 25, 2017 at 11:53 PM Dmitry S. Nikolaev
> >>> ><dn AT mega-net.ru> wrote:
> >>> >  
> >>> >> Yes, you right.
> >>> >>
> >>> >> At this note discussion of the browser exten
> >>> >> stopped and new (about  
> >>> >CA)  
> >>> >> started at tlsca-wg AT lists.opennicproject.org
> >>> >>
> >>> >> If we will continue to talk about browser exten
> >>> >> than https://blockchain-dns.info/ added support of
> >>> >> OpenNIC TLDs already: 
> >>> >> >https://github.com/B-DNS/Chrome/issues/3  
> >>> >>
> >>> >> and after:
> >>> >>
> >>> >> 1.0.6 (2017-09-18)
> >>> >>
> >>> >> Add support for OpenNIC TLDs
> >>> >> <https://wiki.opennic.org/opennic/dot>  
> >>> >(.bbs  
> >>> >> and others)
> >>> >>
> >>> >> But there is no info at wiki.opennic.org about it
> >>> >> yet.
> >>> >>
> >>> >> With best regards, Dmitry S. Nikolaev
> >>> >> virus_net
> >>> >>
> >>> >> On 26.09.2017 05:16, rouben AT rouben.net wrote:
> >>> >>
> >>> >> 0. Browser extension is a brilliant idea, but
> >>> >> SSL/TLS is an issue.
> >>> >>
> >>> >>
> >>> >>
> >>> >> --------
> >>> >> You are a member of the OpenNIC Discuss list.
> >>> >> You may unsubscribe by emailing
> >>> >> discuss-unsubscribe AT lists.opennicproject.org
> >>> >>  
> >>> >
> >>> >
> >>> >-----------------------------------------------------------  
> >>> -------------  
> >>> >
> >>> >
> >>> >
> >>> >--------
> >>> >You are a member of the OpenNIC Discuss list.
> >>> >You may unsubscribe by emailing
> >>> >discuss-unsubscribe AT lists.opennicproject.org  
> >>>
> >>>
> >>>
> >>>
> >>> --------
> >>> You are a member of the OpenNIC Discuss list.
> >>> You may unsubscribe by emailing
> >>> discuss-unsubscribe AT lists.open nicproject.org
> >>>
> >>>  
> >>
> >>
> >> --
> >> Amrit Panesar
> >> http://amrit.be
> >>
> >>
> >>
> >> --------
> >> You are a member of the OpenNIC Discuss list.
> >> You may unsubscribe by emailing
> >> discuss-unsubscribe AT lists.open nicproject.org
> >>
> >>  
> >
> >
> >
> > --------
> > You are a member of the OpenNIC Discuss list.
> > You may unsubscribe by emailing
> > discuss-unsubscribe AT lists.open nicproject.org
> >
> >