Re: [tor-dev] Special-use-TLD support

[Jeremy Rand <biolizard89@xxxxxxxxx>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 09/28/2015 01:34 PM, Jeff Burdges wrote:
> On Sun, 2015-09-27 at 22:31 +0000, Jeremy Rand wrote:
>> 
>> Hi Jeff,
>> 
>> Thanks for working on this; Namecoin is definitely interested in 
>> this effort.  I have one comment.  SPV-based Namecoin clients 
>> will, under some circumstances, generate network traffic to
>> other Namecoin P2P nodes containing names being looked up.  To
>> avoid linkability, stream isolation should be used so that
>> different Namecoin lookups go over different Tor circuits if the
>> lookups correspond to TCP streams that go over different Tor
>> circuits. (Also, the choice of Namecoin nodes to peer with should
>> be different for each identity.)  Therefore, it seems to me that 
>> there should be a mechanism for Tor to provide stream isolation 
>> information to the naming systems that it calls, along with "new 
>> identity" commands.
>> 
>> The above issue doesn't affect full Namecoin clients, or SPV 
>> Namecoin clients that download the full unspent domain name set. 
>> I don't know enough about the GNU Name System to know how this 
>> issue affects it, if at all.
>> 
>> Thoughts on this?
> 
> Yes.  I distrust running p2p applications not specifically
> designed for Tor over Tor.  The GNU Name System will therefore run
> the DHT process on volunteer Tor exist nodes, much like how DNS
> queries are handled by exit nodes.
> 
> Imho, Namecoin should similarly develop a Tor Namecoin shim client 
> that contacts special SPV Namecoin clients running on volunteer 
> exit nodes. I'm working on a second torspec proposal that adds an 
> AnycastExit option to simplify this.
> 
> In the long term, there are obviously concerns about bad exit 
> nodes, especially if there are only like two exits supporting 
> Namecoing or GNS, but currently so few people use GNS or Namecoin 
> that we can probably ignore this.


Hi Jeff,

Do I infer correctly that the main intention of this is to decrease
the possibility of attack by a Sybil attack on the Namecoin network,
by making the Namecoin peer selection process have similar properties
to Tor relay selection (which is relatively Sybil-resistant)?  (And I
guess this would also eliminate issues where a Tor client connects to
a Namecoin peer who also happens to be his/her guard node.)  If so, I
think I cautiously agree that this may be a good idea.  (I haven't
carefully considered the prospect, so there may be problems introduced
that I haven't thought about -- but from first glance it sounds like
an improvement over what Namecoin does now, at least in this respect.)

The issue I do see is that SPV validation doesn't work well unless you
ask multiple peers to make sure that you're getting the chain with the
most PoW.  So I gather that this would require connecting to Namecoin
peers running on multiple exit nodes.  I don't think that's
problematic, but it would have to be taken into account.

- -Jeremy
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJWCeJpAAoJEAHN/EbZ1y06h8oQAJGATJdiWg12mcRsZJ8RQeUX
mkTw+CYRMqptqt1J2PjG2g0nTIRyrwmG/coufMhPNMJBfiOKRxNvnSO/QxotUZmx
0xqzTHoaWOvNokjkGumg2J44RRFtFMPZp4/W0fpAIX820ch13f4C0RTt1qH4Asxd
PFlt/LXlVtaBHthBeAh8GNfPOmQJG0hPxLg0pP8sD2CrfvXk1VaW+dyHAvqJrPcG
CjYcgKsnzYX/FG558Kd7tfCosV95GQujMUY1AUkS7WZjU/vDXFnjZPkGjnBBOWwB
vWEYCrLMmkJWBFyTaJvdy5M39+RiXB29YlMvwOb/+dZ5QhsutU/43cP2Bi4lEqay
5ozNpDQdKEZt5Zzxs75Uad5+zEuvSg05OUEHAMgWjZQWnObnCvskWS+G2cIsgyKE
LkwntN2Njpn6UmSTQpVhakEWIcQ4n8qX6jZyw9mLxGuA4Vjlxptv40J64VvDjLri
eyokAEFO8kYtGD+3tRfj/bUjJ94q2Fb23M9Wtp93KwbhUkc6ZlZmCWtAYzNhev9e
ByjQhTcj0Y29VkS735ey0ux89FqewXR756crC63a7S2sLsU4mT8CjVcQCc+RGhbD
lcv0CbSe8zo4+RrS1yWCaPZu1sLEVKFs1m4629/zZqtusUONLNs064sfmKCa5ZZA
IAu2MwkFBJqsBi1m35nU
=WrEQ
-----END PGP SIGNATURE-----
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev