On 09/27/2016 11:15 AM, Jeff Burdges wrote:
There were a couple reasons I stopped the work on integrating GNS with Tor, which Christian asked me to do : First, I did not like that users could confirm that a particular subdomain exists if they know the base domain's public key. Second, I disliked the absence of the collaborative random number generator protections you guys added to Tor.
I am curious, what is your issue with the subdomains? Are you referring to enumerating all subdomains, or simply being able to confirm that a particular subdomain exists? If I know that google.com exists and I am looking for Google Maps, it seems reasonable that I might try to look up maps.google.com. I wasn't able to find a practical solution against enumeration for OnioNS, but I am curious what your exact concerns are here.