[tor-dev] DoH over non-HTTPS onion v3

George Kadianakis desnacked at riseup.net
Sun Jun 24 00:19:20 UTC 2018


nusenu <nusenu-lists at riseup.net> writes:

> Hi,
>
> this is just a short heads-up.
>
> I'm currently tinkering about how we could
> improve DNS security and privacy for tor clients. My idea write-up is not done
> yet but since the IETF DoH WG [1] is proceeding towards their next steps
> I wanted to move now before it might be too late and let you know that I
> might ask them if they want to allow non-HTTPS URIs in the case of
> onion v3 addresses (currently HTTPS is required). This might be handy for TB in the future.
> If you have objections let me know.
>
> I also reached out to Seth Schoen and asked him about his
> efforts to make onion v3 DV certificates acceptable to the CA/Browser Forum 
> (if that is possible then the HTTPS requirement isn't a problem for DoH over onion v3).
>

IIUC, you are trying to persuade the working group that they can use
HTTP v3 onions as DNS resolvers.

Sounds good to me! Let us know how we can support you with this :)

