[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-dev] Proposal: namecoin-integration.txt
Filename: namecoin-integration.txt
Title: Improve security and usability by Namecoin integration
Author: Maxim Novoselov
Created: 06-Feb-2014
Status: Open
Overview:
This document describes enchantments of hidden services
domain names with integration of namecoin domains.
Motivation:
Currently user must lookup hidden service domain name in various
directories. This directories are owned not by the hidden service owner
so hidden service address can be easily spoofed by owners of this
directories.
Found service name is immemorable so user tends to add it to the
bookmarks which leads to (maybe)harmful trails.
This adds ability to use also original .bit domains and improves
tor's ecosystem in general.
Design:
Hidden service owner registers special domain name using namecoin
and binds it to the .onion hidden service. That way he anonymously claims
that this service owned by him and he can control it using namecoin system.
This special domain name tld must differ from .bit and .onion to avoid
confusion because they are already used by clear-web sites(.bit) and
deep-web ip-address surrogate(.onion).
Hidden service client lookup domain name at namecoin and connects
to the resolved .onion domain.
Security implications:
Proposed changes improve total security by decentralizing directory
services and give ability to hidden service owners to claim their names.
Also it makes end-user more anonimous by forcing him not to use bookmarks.
Specification:
Compatibility:
Implementation:
This can't be implemented using namecoin DNS'es because they are operated
by third-party and may be forged.
Good way is to use namecoin-rpc to query domain names. Its easy but requires
namecoin software running which is storage space intensive.
So not every user have ability to support namecoin server and we have to
provide a choice: use local copy of bitcoin-rpc or remote.
Even better would be to integrate namecoin-rpc into production but only
for nodes or bridges and use this nodes as internal DNS alternative for
enduser-tor-clients.
--
Best regards
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev