[Standards] Council Minutes 2019-07-10
travis at burtrum.org
Sat Jul 20 03:34:16 UTC 2019
On 7/19/19 7:52 AM, Florian Schmaus wrote:
> On 19.07.19 07:36, Travis Burtrum wrote:
>>> If the initiating party cannot connect via either SRV record, it
>> SHOULD perform A/AAAA fallback to port(s) of its choice (perhaps 443,
>> 5223, etc) because, in the absence of DNSSEC, SRV records cannot be
> If in the absence of DNSSEC SRV records cannot be trusted, which is of
> course true, why should you trust A/AAAA resource records?
That is a fair question. There are a few reasons I can think of: poorly
configured networks, either intentionally or not; Tor DNS supports A/AAAA
but not SRV; maybe others?

But more importantly, you aren't implicitly trusting them; only if the
TLS cert is valid do you connect, so I don't see the harm in attempting
to connect anyway, whereas giving up early can cause harm in the form
of a user not being able to connect.
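
The connection logic discussed in this message, as an added example that is not part of the original e-mail or of any XMPP project's code: DNS answers (SRV or A/AAAA) only choose where to dial, while the certificate is always checked against the XMPP domain itself. It assumes TLS is negotiated immediately on connect; the `dial` hook, the function names and the sample SRV records are hypothetical.

```python
import socket
import ssl

FALLBACK_PORTS = (443, 5223)  # the ports mentioned in the quoted text; the choice is the client's

# Constructed sample data: (priority, target, port) tuples as an SRV lookup might return them.
SAMPLE_SRV = [(10, "b.example.net.", 5223), (5, "a.example.net.", 443)]

def candidates(domain, srv_records):
    """SRV targets in priority order, then the bare domain (A/AAAA fallback)."""
    ordered = [(target.rstrip("."), port) for _prio, target, port in sorted(srv_records)]
    ordered += [(domain, port) for port in FALLBACK_PORTS]
    seen, out = set(), []
    for endpoint in ordered:  # drop duplicates but keep the order
        if endpoint not in seen:
            seen.add(endpoint)
            out.append(endpoint)
    return out

def tls_context():
    """Verification stays on: CERT_REQUIRED and hostname checking are the defaults."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def dial_tls(host, port, ctx, server_hostname, timeout=10):
    """Real transport hook: TCP to the DNS-derived host, TLS checked against server_hostname."""
    sock = socket.create_connection((host, port), timeout=timeout)
    try:
        return ctx.wrap_socket(sock, server_hostname=server_hostname)
    except Exception:
        sock.close()
        raise

def connect(domain, srv_records, dial=dial_tls):
    """Try every candidate; a spoofed DNS answer can only cause a failed attempt."""
    ctx = tls_context()
    errors = []
    for host, port in candidates(domain, srv_records):
        try:
            # server_hostname is the XMPP domain, never the SRV target, so an
            # unauthenticated DNS record cannot change which name the cert must cover.
            return dial(host, port, ctx, domain), errors
        except OSError as exc:  # ssl.SSLError is a subclass of OSError
            errors.append((host, port, type(exc).__name__))
    raise ConnectionError(f"no endpoint presented a valid certificate for {domain}: {errors}")
```
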