[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] [onioncat] Paper for OnionCat and Tor New Crypto

On Mon, Feb 16, 2015 at 09:19:51AM +0100, Bernhard R. Fischer wrote:
> On Sunday 15 February 2015 12:59:08 grarpamp wrote:
> > Hello.
> > Is there an English version of a paper (or presentation) for this?
> > 
> > Bernhard Fischer - OnionCat und Tors neues Kryptosystem
> > https://www.youtube.com/watch?v=Zj4hSx6cW80
> Unfortunately not yet.
> I'll write a proposal in English on my blog.

Sorry, I only watched this presentation now.. months later.

It didn't click with me why you would do such a hack to
allocate a "next" onion if all you need is a way to upgrade
an 80 bit hash to a full public key. Well, I presume Tor
will maintain backwards compatibility with 80bit onions
anyway, so you can always just look up the 80 bit hash and
find out which key owns it. Should Tor one day indeed upgrade
its crypto it could generate 301 redirect messages from the
old .onion names to whatever comes next. Or it could pin them
in the router. I don't see the need for the procedure that
you proposed.

Also, providing a global cryptographic IPv6 address scheme
in the spirit of cjdns looks like a false problem to me.
Cryptographically authenticated IP numbers do not solve the
problem that DNS can be spoofed to return the wrong address.

Therefore if people want an address they can refer to and that
will always be valid, they can use a simulated TLD which uses
the entire public key, much like the .zkey proposal. There is
no advantage in mapping it into the IPv6 address space, losing
bits in the process.

If instead people want an address they can memorize, then they
need a new naming system that doesn't mess up security and/or
look-up privacy. What about GNS for that.

I think the cjdns/onioncat style is the wrong approach, even
if it gives everybody an excuse to check if thep rograms 
are indeed IPv6 compatible, and kind of has an air of a neat hack.

  E-mail is public! Talk to me in private using Tor.
  torify telnet loupsycedyglgamf.onion		DON'T SEND ME
          irc://loupsycedyglgamf.onion:67/lynX  PRIVATE EMAIL
         http://loupsycedyglgamf.onion/LynX/    OR FACEBOOGLE
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to