[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Talks of hidden services and DNS

Hello HD,

I think that the only way it would work would be a first come, first
serve basis.  I do not think that authentication would be required,
although we could limit the amount of domains per onion address so
that we do not have one user taking up 500,000 domains or something.
The registrar could also run a program to make sure that there
actually is a website (or server) running at the hidden onion address.
I think this way it would be too much hassle without any gain for
someone to destroy the DNS network.

The way that I see it would be all of the current hidden servers would
quickly get a name that they choose, and then as new servers come on
names should be readily available.

This all depends on how .onion addresses are assigned.  For example,
could one server have more than one .onion address?  Could it have

And also, should the registrar servers drop .hidden.int. or .hidden.
domains after a week or so of not being able to contact the .onion.?

On 3/11/07, H D Moore <torspam@xxxxxxxxxxxxxx> wrote:
The tricky part will be deciding who is authoritative for the DNS records.
If any user can submit a name, what if its already taken? Does it
overwrite, or is it first-come, first-serve? If its distributed, then a
rogue operator could serve false responses for a target name. If this is
something that the tor "core" would operate, it still needs some form of
authentication to manage/update/remove/etc.... and authentication seems
to be the exact opposite of what tor is supposed to provide.


On Sunday 11 March 2007 21:10, Kasimir Gabert wrote:
> I do not see any major security holes that this would bring up. It
> seems to me like it would be the same as accessing google.com through
> Tor -- the DNS is looked up through Tor and so it would not be
> overridden by a malicious ISP or country.

Kasimir Gabert