[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #18119 [Tor]: .onion domain names can be really short
#18119: .onion domain names can be really short
-----------------------------------+-------------------------------------
Reporter: azazar | Owner:
Type: enhancement | Status: closed
Priority: Medium | Milestone: Tor: very long term
Component: Tor | Version:
Severity: Normal | Resolution: wontfix
Keywords: tor-hs needs-proposal | Actual Points:
Parent ID: | Points:
Sponsor: |
-----------------------------------+-------------------------------------
Changes (by dgoulet):
* status: needs_revision => closed
* resolution: => wontfix
Comment:
I'll NACK this also. It's true we can improve on the *UI* side like teor
mentioned but this change makes it baked in tor entering a slippery slope
of security issues and increasing attacker surface to trick users.
And yes, next gen hidden service (prop224) will render this useless. There
are ideas running around on offering a way for users to use smaller
addresses in prop224 which is a tradeoff in security vs usability.
Basically, it looks a bit like this proposed solution where you would use
a smaller portion of the key and if it matches the start of a descriptor
address on the HSDir, we would return it. But this would need either a
proposal on its own or modification to prop224 before we could consider
implementation.
We should open a specific ticket for smaller address idea _specifically_
for proposal 224 and detail the mechanics in there. So closing this, I see
two NACKs now and a very uncertain diplomat teor :).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18119#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs