Re: [tor-talk] new tld question



Tom Ritter:
> It's possible that next time around, Tor could apply for .onion,
> and use it as a tor2web portal - but even if a lot of engineering
> effort was put in[0] - a user visiting aabbccddee.onion in a normal
> web browser would leak its DNS request, and an observer would know
> exactly who they were trying to browse to.  That's not an issue
> with tor2web mode, because it's only the HS, not the user, trying
> to be anonymous. But trying to keep the user anonymous when
> visiting a .onion would be extremely difficult, if not impossible.
> 
> But then again, on the flip side, if a user visits
> aabbccddee.onion without using either a Tor DNS Proxy or TBB, that
> .onion DNS request is still leaked.  So maybe the threat model
> becomes "We know we can't protect users trying to visit a .onion
> without/with-misconfigured Tor, so perhaps we want to at least
> enable the functionality, and hide what the user is doing on the
> HS".

You could prevent leaking the DNS request by hardcoding the IPs into
mainstream browsers or, even more desirable, a bit more low level, into
the operating system's (Windows, Linux, any) DNS resolver or kernel.
It would need discussion whether such a patch could be officially
accepted by DNS resolver / kernel.
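Added example, not part of the original message or of any Tor or resolver code: a sketch of a resolver-side check related to the idea above. Instead of hardcoding IPs, it answers any `.onion` query locally with NXDOMAIN so the name is never forwarded upstream where an observer could see it. The function names and the assumption that this filter sits in front of a local stub resolver are hypothetical.

```python
import struct

def parse_qname(msg: bytes, offset: int = 12):
    """Return (labels, offset past QNAME) for an uncompressed question name."""
    labels = []
    while True:
        if offset >= len(msg):
            raise ValueError("truncated QNAME")
        length = msg[offset]
        offset += 1
        if length == 0:
            return labels, offset
        if length > 63:  # compression pointers are not valid in a question here
            raise ValueError("compressed or invalid label")
        if offset + length > len(msg):
            raise ValueError("truncated label")
        labels.append(msg[offset:offset + length].decode("ascii", "replace").lower())
        offset += length

def is_onion(labels):
    """True when the top-level label is 'onion' (case already folded)."""
    return bool(labels) and labels[-1] == "onion"

def filter_query(msg: bytes):
    """Return an NXDOMAIN reply for a .onion query, or None to forward it."""
    if len(msg) < 12:
        raise ValueError("short DNS header")
    qid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if flags & 0x8000 or qdcount != 1:
        return None  # a response, or not a single-question query
    labels, end = parse_qname(msg)
    if len(msg) < end + 4:
        raise ValueError("truncated question")
    if not is_onion(labels):
        return None
    question = msg[12:end + 4]  # QNAME + QTYPE + QCLASS, echoed back
    # QR=1, RA=1, RD copied from the query, RCODE=3 (NXDOMAIN)
    rflags = 0x8000 | 0x0080 | (flags & 0x0100) | 3
    return struct.pack("!HHHHHH", qid, rflags, 1, 0, 0, 0) + question

def build_query(name: str, qid: int = 0x1234) -> bytes:
    """Constructed sample input: a recursive A/IN query for `name`."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii")
                     for l in name.rstrip(".").split(".")) + b"\x00"
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)
```
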