Re: [tor-dev] Proposition: Applying an AONT to Prop224 addresses?

Subject: Re: [tor-dev] Proposition: Applying an AONT to Prop224 addresses?

From: Alec Muffett <alec.muffett@xxxxxxxxx>

Date: Mon, 3 Apr 2017 14:53:17 +0100

Delivery-date: Mon, 03 Apr 2017 10:12:41 -0400

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=H2/1+ihAHLKY6Oiz0wfCZjz6POz2WFTLFsm9/weOFiM=; b=GFZgJ7yYGwFiYNvzH5MwCTh+3O3scKw4o/iETnvQZRR90QgJffsZS6Dnv1lZ1cvAfn hjyCJpL26Oc9netilmsCFMyL49Uo76NENhaj5su/175rOuETkuCN2B9SPXTX+wLRxnIs P/mBHIfwC4TMB5ON/DtcdcMmGeBqwoiur13tcUDV4hkTX8ww7LcJ6E0veHYGR7ybHafw s5eKexDCediVwldjCXiaY8BzGLXTI8ffzR+i883UkeqQTqrJ1n/+qViqzLaUUZdlOYF4 GEGVyqVgKtRpblH601EMjjBqAN9EzXWh7LPhFf9QezxhVd5EMB1Rcrw0J16JvrdD80MK iVug==

In-reply-to: <87zifxd7ds.fsf@riseup.net>

List-archive: <http://lists.torproject.org/pipermail/tor-dev/>

List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>

List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>

List-post: <mailto:tor-dev@lists.torproject.org>

List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>

List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>

References: <CAFWeb9+Z8BvVvxsDNsCVZ5YJx3id+fLdefcT0_u+hzcvJhftnA@mail.gmail.com> <20170326201958.GU28540@thunk.cs.uwaterloo.ca> <20170326204218.GX28540@thunk.cs.uwaterloo.ca> <CAFWeb9J-Hozkh4uzMYfM+-4V2tShH1+xT5nBf=kCpL4UNzZtAQ@mail.gmail.com> <20170327055942.GY28540@thunk.cs.uwaterloo.ca> <20170327085834.GZ28540@thunk.cs.uwaterloo.ca> <87zifxd7ds.fsf@riseup.net>

Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx

Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

On 3 April 2017 at 13:04, George Kadianakis <desnacked@xxxxxxxxxx> wrote:

I'm calling it weird because I'm not sure how an
attacker can profit from being able to provide two addresses that
correspond to the same key, but I can probably come up with a few
scenarios if I think about it.

Hi George!

I'll agree it's a weird edge case :-)

I think the reason my spider-sense is tingling is because years of cleaning up after intrusions has taught me that sysadmins and human beings are very bad at non-canonical address formats, especially where they combine them with either blacklisting, or else case-statements-with-default-conditions.

If one creates scope for saying "the address is <foo>.onion but you can actually use <foo'>.onion or <foo''>.onion which are equivalent" - then someone will somehow leverage that either a) for hackery, or b) for social engineering.

Compare:

* http://017700000001

* http://2130706433

* http://0177.0.0.1 <- this one tends to surprise people

* http://127.0.0.1

…and the sort of fun shenanigans that can be done with those "equivalent forms"

People who've been trained not to type [X] into their browser, might be convinced to type [X']

It's a lot easier for people to cope with there being one-and-only-one viable form for any given hostname or address-representation.

-a

http://dropsafe.crypticide.com/aboutalecm

_______________________________________________ tor-dev mailing list tor-dev@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev