[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Talks of hidden services and DNS

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Talks of hidden services and DNS
From: "Kasimir Gabert" <kasimir.g@xxxxxxxxx>
Date: Sun, 11 Mar 2007 20:10:40 -0600
Delivered-to: archiver@seul.org
Delivered-to: or-talk-outgoing@seul.org
Delivered-to: or-talk@seul.org
Delivery-date: Sun, 11 Mar 2007 22:10:53 -0400
Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=d4hbTTw4dmlGZu887Gv51OSzsRboWUTohXMiMafZYAjb4RjM/r2D/AIWpiaLR54p9XuNMleI12ZVfUggsBtlq1ovzQS9IyM33Wjlm5+XXasjPZ3AZBuihM0lPxji4Q5K/zcQ+QXQ4jRAjbxzUGdkdFf90D0y60RIzECYqXEB1tY=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=Z9TAQXa2c2LPHSLqRfiKGduXb+eVblspnlvhnEUJYiwYeoH+UdHEXRO0FqUNB8EFsIwUeNvQJpLfzavj5zTp94XVB07Od0xuOfwY27bZscKwG5rUhNIMR5tjM/0Tdwfz/+oEVq9hYkjhelp1lJxVBf5p9BOmepp8W5sxFvqMTn0=
In-reply-to: <1bd71ad80703111129v5d3467fev11a825aad98810ed@mail.gmail.com>
References: <52836a540703110840w7b7f1b6elcf6757913d400521@mail.gmail.com> <3922422b0703110844k77ccb03fw8503e05a7fadb82c@mail.gmail.com> <1bd71ad80703111129v5d3467fev11a825aad98810ed@mail.gmail.com>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

Hello,

This definitely sounds like it will work, and I cannot see it really
taking any extra or special coding.  I think it would work "out of the
box".  The DNS would work both in and out of Tor.  It would be running
outside of Tor, so users not using Tor would get back the CNAME
pointing to 1234abcd.onion and realize that they need Tor to use
.hidden. domains (or .hidden.int.).  It really seems to me like it
should all work well and integrate smoothly into the current system.
Then again, I am very new to Tor, so I could be overseeing something.

I do not see any major security holes that this would bring up.  It
seems to me like it would be the same as accessing google.com through
Tor -- the DNS is looked up through Tor and so it would not be
overridden by a malicious ISP or country.

Kasimir

On 3/11/07, Michael_google gmail_Gersten <keybounce@xxxxxxxxx> wrote:

Cnames to convert something like .hidden to .onion is a decent idea.
If nothing else, when people start clicking on links, and getting
"unresolvable"/"No such host", that might give more exposure to tor to
other people.

We could set up a DNS system entirely within Tor. Just have cnames
from host.hidden.onion to somelongkey.onion, and it is never seen by
the rest of the DNS world. The mappings would be registered with the
directory servers, who would track known, registered mappings from
host.hidden.onion to key.onion, and key.onion's would be registered as
they currently are.

We could even do a combo. Get a special TLD now, or add to an existing
special, like .int. (approval time? About a week). Start putting in
names, registrar being the Tor central directory servers. In about 3
months time, when the code is written and tested, move to Tor served
names.

--
Kasimir Gabert

Follow-Ups:
- Re: Talks of hidden services and DNS
  - From: H D Moore

References:
- Talks of hidden services and DNS
  - From: Kasimir Gabert
- Re: Talks of hidden services and DNS
  - From: Ringo Kamens
- Re: Talks of hidden services and DNS
  - From: Michael_google gmail_Gersten

Prev by Author: Talks of hidden services and DNS
Next by Author: Re: Talks of hidden services and DNS
Previous by thread: Re: Talks of hidden services and DNS
Next by thread: Re: Talks of hidden services and DNS
Index(es):
- Author
- Thread