Hi Paul! I think it would be valid to propose a third direction, which is to partially give up arguing about the importance of Zooko's Triangle and instead make attempts to meet human beings and computers somewhere in the middle. I don't believe that this direction should preclude development of the other two - they might indeed be complementary - but making Onion addresses accessible in the ways that an IPv4 "dotted quad" is, or that an IPv6 "::" field-pad does, cannot be a bad thing. There is, as you point out:
"which is akin to the layer that DNS provides atop IP addressing; everyone with a domestic DSL router probably has "http://192.168.1.1" bookmarked somewhere, which is more direct and unambiguous than the "http://router.local" that it may also masquerade as, by providing DNS bootstrap through DHCP.
I recall the discussion we had inside Facebook, along the lines of "why don't we register 'onion.facebook.com' and issue a redirect, rather than forcing people to type this gibberish?" - an argument which was won by the observation "we are putting this out for people to have trust, and why should we make them trust DNS+redirection when we can instead give them something direct and unambiguous". You'll gather that I like "direct and unambiguous". :-)

Hence: let there be innovation. Please let a thousand discovery mechanisms bloom - including peer-to-peer directories and tweeted URLs. But, what they boil down to, please let *that* be human-readable, too.

The more I look at it, the more I like:

a1uik-0w1gm-fq3i5-ievxd-m9ceu-27e88-g6o7p-e0rff-dw9jm-ntwkd-sdxxx.onion

where the final "xxx" is a 15-bit truncated secure hash of the rest of the original raw address bitstring. That way people looking to quickly compare addresses can check the first octet, and the last, and sample a few of the inner ones ("people compare glyphs not words" / "there's IEVXD and there's E0RFF, I like that one, it's like Eeyore in Winnie-The-Pooh, and 0WLGM reminds me of Owls") and be reasonably satisfied and reasonably secure. And the XXX can be checked by the browser and tell the user that they've goofed up cut/paste/typing-it-in. And then they bookmark it once it loads.

- alec

Alec Muffett
Security Infrastructure
Facebook Engineering
London
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
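The checksummed, hyphen-grouped address format sketched in the message above, worked through as an added example. This is not code from the thread, from Tor, or from the message's author. The message fixes neither the glyph alphabet, the hash function, nor the size of the "raw address bitstring", so the example assumes a 32-byte key, lower-case RFC 4648 base32 (the alphabet Tor's own addresses use; note it has no 0, 1, 8 or 9, whereas the sample string in the message does), and SHA-256 truncated to its top 15 bits. The sample key is constructed for the example and is not a real onion service.

```python
"""Checksummed onion-style address: an added example of the scheme proposed
in the message above, not Tor's code and not the author's.  Assumptions
(none of which the message fixes): 32-byte raw key, lower-case RFC 4648
base32 glyphs, check glyphs = top 15 bits of SHA-256 over the raw key."""
import base64
import hashlib

ALPHABET = "abcdefghijklmnopqrstuvwxyz234567"   # RFC 4648 base32; no 0/1/8/9
KEY_LEN = 32        # bytes of raw key material (assumed)
BODY_GLYPHS = 52    # 256 bits / 5 bits per glyph, rounded up: 4 trailing pad bits
CHECK_GLYPHS = 3    # 3 glyphs * 5 bits = the 15-bit truncated hash
GROUP = 5           # glyphs per hyphen-separated group, as in the message


def body_glyphs(key: bytes) -> str:
    """Canonical 52-glyph base32 rendering of the raw key (padding stripped)."""
    return base64.b32encode(key).decode("ascii").rstrip("=").lower()


def checksum_glyphs(key: bytes) -> str:
    """Top 15 bits of SHA-256(key), rendered as three base32 glyphs."""
    top15 = int.from_bytes(hashlib.sha256(key).digest()[:2], "big") >> 1
    return "".join(ALPHABET[(top15 >> shift) & 31] for shift in (10, 5, 0))


def encode_address(key: bytes) -> str:
    """key -> 'aaaaa-bbbbb-...-ccxxx.onion' (11 groups of 5, last 3 glyphs are the check)."""
    if len(key) != KEY_LEN:
        raise ValueError("key must be %d bytes" % KEY_LEN)
    glyphs = body_glyphs(key) + checksum_glyphs(key)          # 55 glyphs
    groups = [glyphs[i:i + GROUP] for i in range(0, len(glyphs), GROUP)]
    return "-".join(groups) + ".onion"


def decode_address(addr: str) -> bytes:
    """Return the raw key, or raise ValueError on any typing / paste damage.

    Hyphens and letter case are cosmetic and ignored; a dropped or added
    glyph fails the length check, a wrong glyph fails the alphabet or
    checksum check, and a non-canonical body (non-zero pad bits) is rejected
    so that two different strings can never decode to the same key."""
    if not addr.lower().endswith(".onion"):
        raise ValueError("missing .onion suffix")
    glyphs = addr[:-len(".onion")].replace("-", "").lower()
    if len(glyphs) != BODY_GLYPHS + CHECK_GLYPHS:
        raise ValueError("wrong length: a glyph was dropped or added")
    bad = sorted({c for c in glyphs if c not in ALPHABET})
    if bad:
        raise ValueError("glyphs outside the alphabet: %r" % bad)
    body, check = glyphs[:BODY_GLYPHS], glyphs[BODY_GLYPHS:]
    # 52 glyphs is 6.5 base32 quanta; re-add the '====' so b32decode accepts it.
    key = base64.b32decode(body.upper() + "====")
    if body_glyphs(key) != body:
        raise ValueError("non-canonical encoding: trailing pad bits are not zero")
    if checksum_glyphs(key) != check:
        raise ValueError("checksum mismatch: address was mistyped or mis-pasted")
    return key


def verify(addr: str) -> bool:
    """The browser-side check the message describes: True only if it decodes cleanly."""
    try:
        decode_address(addr)
        return True
    except ValueError:
        return False


def single_glyph_typos_caught(addr: str):
    """Substitute every glyph with every other alphabet glyph; return (caught, total).

    With 15 check bits a random corruption of the body slips through with
    probability 1/32768, so nearly all of the 55 * 31 single-glyph typos are caught."""
    glyphs = addr[:-len(".onion")].replace("-", "")
    caught = total = 0
    for i, orig in enumerate(glyphs):
        for sub in ALPHABET:
            if sub == orig:
                continue
            total += 1
            if not verify(glyphs[:i] + sub + glyphs[i + 1:] + ".onion"):
                caught += 1
    return caught, total


# Constructed sample key for the example; not a real onion service key.
SAMPLE_KEY = hashlib.sha256(b"constructed example key, not a real onion service").digest()

if __name__ == "__main__":
    addr = encode_address(SAMPLE_KEY)
    print(addr)
    print("round-trips:", decode_address(addr) == SAMPLE_KEY)
    print("single-glyph typos caught (caught, total):", single_glyph_typos_caught(addr))
```

The canonical-encoding check is the caveat a practitioner would want: RFC 4648 base32 of 32 bytes leaves 4 unused bits in the last body glyph, and a decoder that silently drops them would accept several distinct strings for one key, which defeats the "direct and unambiguous" goal even though the checksum would still pass.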