[onionmx] SRV and v3 onions

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Dec 18 21:46:05 CET 2018 

On Tue 2018-12-18 13:09:43 +0100, meskio via onionmx wrote:
> In sindominio we have added a v3 onion to our onionmx setup. And now I'm 
> wondering what to do with our _onion-mx._tcp. SRV record.
>
> I'm tempted to put the v3 there. But seeing that the tor version in debian 
> stable doesn't have support for v3 onions, I'm wondering how many things are 
> going to break by that. (the one in stretch-backports does support v3)
>
> Is anybody publishing v3 onions in their SRV?
> Are we assuming people uses up to date tor?
> Should we keep the v2 in our record until most distros get a more modern version 
> of tor?
> Is it worth to consider how to publish more than one record?

The DNS is designed to support multiple records for any given record
type and name, and SRV itself has its priority/weighting scheme designed
to accomodate some flavor of load-balancing:

   https://en.wikipedia.org/wiki/SRV_record

So i see no principled reason that anyone *shouldn't* publish a v3 onion
record.

That said, we might want to offer some guidance, both to publishers and
consumers of these records.

barring reports of serious incompatibilities or failures in
widely-deployed OnionMX clients, i'd recommend something like the
following:

For SRV record publishers:

 * v3 onion address SRV records SHOULD have a lower "priority" field
   than v2 onion address SRV records. (an RR with a lower-value
   "priority" field is preferred over an RR with a higher-value
   "priority")

For the consumers of SRVs -- do we need to give explicit guidance other
than following the general suggestions for SRVs?  is there a situation
where you'd want the the consumer of the SRV (the SMTP client) to
prioritiize v3 onion addresses over v2 onion addresses even if the
stated priorities suggest that the domain operator prefers the other
order of prioritization for some reason?

      --dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://lists-7.immerda.ch/pipermail/onionmx/attachments/20181218/af558a39/attachment.sig>

More information about the onionmx mailing list