[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Memorable onion addresses (was Discussion on the crypto migration plan of the identity keys of Hidden Services)

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] Memorable onion addresses (was Discussion on the crypto migration plan of the identity keys of Hidden Services)
From: Matthew Finkel <matthew.finkel@xxxxxxxxx>
Date: Fri, 7 Jun 2013 16:15:28 +0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 07 Jun 2013 12:15:12 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=date:from:to:subject:message-id:references:mime-version :content-type:content-disposition:in-reply-to:user-agent; bh=+tfVE/lSioMZPP6QRZ8BX90UqRuLwezKokOejvgGrw8=; b=onTRI8FTcXJKz9hbCwJI0UP8SmkjEuJWLpIRzkZsVf9JY2x82igxV2/CT8U0Jp/3tw fcFNEYGwURdmYP2pmyPyekEUA2eniXOMmER/PqRvfuAM+JUNV9/88sfCGdnWC16S+vMv rmnEr8KH17/MqCM92hU9lC2uZrt/vvpJrTi0SdTMmn2hwdxdSFKfQZ+Jb/IR8yUXqgMo uQW4Ddcg5ZgTKvcmuSoCjGHmqv7llASqhfcJ2stiDdg6r1tZAgrL0kGAS7T8PyTCImYp CWrrs9U/rp8/SZbwyVHvVbf+qIv2Qmr4ragCWAW1aSr5PoHlUwL7HLSuVXRLieSGkf8D fOCA==
In-reply-to: <CAD2Ti2-SkHs4y779t7y=+ye7b_cLZLEM02m1gg4Gp=9g136kdg@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-dev>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <1ce4ad2adaab4af523c4be2419e9c5df.squirrel@xxxxxxxxxxxxxxxxxxxxx> <5196481D.90207@xxxxxxxxxx> <dbc2e4df2cc5a843292a8bbeac25d8a8.squirrel@xxxxxxxxxxxxxxxxxxxxx> <5196CCE6.6060200@xxxxxxxxxx> <20130518033142.GB5645@xxxxxxxxxxxxxx> <45b9fc4076c787b7aee2422626ee3c93.squirrel@xxxxxxxxxxxxxxxxxxx> <20130519173949.GA15612@localhost> <CAGKHomfDvM36LUxGPGGEJFHiMFWP_=eiyF5n3jJqTNOAVO54ow@xxxxxxxxxxxxxx> <20130606124836.GA3297@localhost> <CAD2Ti2-SkHs4y779t7y=+ye7b_cLZLEM02m1gg4Gp=9g136kdg@xxxxxxxxxxxxxx>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.5.21 (2010-09-15)

On Fri, Jun 07, 2013 at 02:23:55AM -0400, grarpamp wrote:
> >> This has the side effect of promoting good onion upkeep.
> 
> Which people might be loathe to do given the recent paper
> about deanon hidden services seeming to be relatively doable.
> At least until those issues are solved...
> 
> > of the system. After 6 months (or so) the naming will stabilize and be
> > (mostly) consistent month-to-month, but how do we guarantee that a
> 
> ...not if people are replacing their network address every month.
> 

This shouldn't be a problem if the service id (onion address) remains
the same across IP address changes. If the HS is stable then, as far as
I understand this system, it should maintain its name.

> > I know very little about eepsites, but as long as the guarantees
> > provided by eepsites and HS are equivalent regarding security and
> > anonymity, this is an interesting idea. The easiest/obvious way to
> > accomplish this is to have gateways/peering-points between the two
> > networks
> > ...
> > Unless, are you talking about running I2P and Tor on the same
> > computer/network and being able use the same naming scheme to connect to
> > both eepSites and Hidden Services?
> 
> One such obvious scheme that exists today is your host simply
> routing packets out its tunnel interfaces resident on respective
> Tor / I2P / Phantom IPv6 address space to some such services.
> 
> Then anything, or set of things with unique addressing amongst
> them, can have some petname layer on top.

Sure

> 
> > malicious actor is not able to register popular internet domains
> > (torproject, ddg, etc) before the legitimate/honest actor?
> 
> Really? Lol. You're not going to solve that even if you recreate
> the non-anonymous internet. Petname strings in an anonymous
> censor free system have no gatekeepers. As with the internet,
> users will set up, choose, and duke it out in their own DNS for that
> if they want it... on top of the provided secure network addressing.
> 
> Even being able to put/maintain *any* name out there will be hard.

Right, which is why I'm not sure a centralized naming system will work
in this environment. 1) The user loses the self-authentication of the
service (whether or not they understood they had it in the first place).
2) It's not possible to guarantee a name maps to the same hidden service
over long periods (see 1.) and if trust in placed in the name then this
is important. If I visit https://google.com I expect not to be MITMd
and I expect to receive a reply from Google Inc's webserver.
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] Memorable onion addresses (was Discussion on the crypto migration plan of the identity keys of Hidden Services)
  - From: grarpamp

References:
- Re: [tor-dev] Memorable onion addresses (was Discussion on the crypto migration plan of the identity keys of Hidden Services)
  - From: Matthew Finkel
- Re: [tor-dev] Memorable onion addresses (was Discussion on the crypto migration plan of the identity keys of Hidden Services)
  - From: grarpamp

Prev by Author: Re: [tor-dev] Discussion on the crypto migration plan of the identity keys of Hidden Services
Next by Author: Re: [tor-dev] Torsocks locking design
Previous by thread: Re: [tor-dev] Memorable onion addresses (was Discussion on the crypto migration plan of the identity keys of Hidden Services)
Next by thread: Re: [tor-dev] Memorable onion addresses (was Discussion on the crypto migration plan of the identity keys of Hidden Services)
Index(es):
- Author
- Thread