[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Proposal 274: A Name System API for Tor Onion Services

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] Proposal 274: A Name System API for Tor Onion Services
From: Jeremy Rand <jeremyrand@xxxxxxxxxx>
Date: Thu, 26 Jan 2017 09:08:38 +0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 26 Jan 2017 04:09:48 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=airmail.cc; s=mail; t=1485421729; bh=CIP/8Fw8EFeQXBTZ7qwInD4yfiFdExoWvZnqtEq+4QQ=; h=Reply-To:Subject:References:To:From:Date:In-Reply-To:From; b=GQ8u5cdfSGkOOjYFRqIIoEyeSepvIkTncgrhRe+m9NkIx/aiIUjI6J3EqW+pgEneT cc9nv3Q5Nb7t3S/PLXTL2AbvSSAvRDh/B3nqhV5ozs1/w/qGCy6ImfHjVqMDYNKSeZ bi87wn9Yke22u/6SiT3QZ70uRYpUTOyxulZUALy7y7r8VTNU7uYayZtKdcutXYmuN0 Qn2LzJOhc4kvOihEFBoB9zXEC0B6QQxNyoSOBMaLmdb6HDA5EQbEsaE/BlD7FvitZn pSMYQ/RjgGMdY4+7nyaniAwLU7A1CAOOF8jFeiD/sQXJnJy+0PSJ5FTepMwJ3Yguc4 YXqYi8j6Q6QKQ==
In-reply-to: <81C12C52-015A-4EB4-A43A-22ABFF9FE8CE@gmail.com>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <87d1jbkjok.fsf@riseup.net> <KTZzTuI--3-0@tutanota.com> <818cc69b-afa5-f7a5-6a7a-a97df9952b91@airmail.cc> <759be8d2-a0bc-77c3-179a-fa1393366651@riseup.net> <81C12C52-015A-4EB4-A43A-22ABFF9FE8CE@gmail.com>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

teor:
> 
>> On 12 Oct 2016, at 09:29, Jesse V <kernelcorn@xxxxxxxxxxxxxx> wrote:
>>
>> On 10/11/2016 12:53 AM, Jeremy Rand wrote:
>>> It's also worth noting that it's been hard enough to get IETF to accept
>>> .bit (that effort stalled) -- adding a bunch of other TLD's would
>>> probably annoy IETF significantly (and destroy whatever good will exists
>>> at IETF right now), and I fully understand why this would annoy them.
>>>
>>> I'm not really sure what the right mechanism is for a user to specify "I
>>> want this request to either use TLS or be resolved to a .onion record"
>>> (which seems to be the primary use case here).  Does anyone have
>>> suggestions?
>>
>> As I understand it, the spirit of the naming system API is to resolve
>> $meaningfulName to $randomAddress.onion. It seems pretty clear its
>> focused on A records, but the naming system can support subdomains and
>> CNAME records if it likes. My approach with OnioNS is to simply use a
>> none-ICANN TLD, which is currently ".tor". There's a Trac ticket on
>> which TLD I should use, but it seems most intuitive to use something
>> obvious. Someone suggested that we continue to use .onion, but anything
>> that isn't 16 chars of base32 should be resolving using the naming
>> system. That seems like it would be more confusing. A new TLD seems more
>> intuitive.
> 
> Yes, and re-using .onion would make (some) 32-character names invalid,
> and post prop-224, (some) 53?-character names invalid as well.
> 
> This is an undesirable property.
> 
> I can also imagine attacks taking advantage of this confusion.

If, hypothetically, we wanted to avoid the confusion of "does xyz.bit
point to a .onion service or an A record?" but did not want to introduce
any additional TLD's, maybe do something like:

"xyz.bit.onion" --> the .onion service pointed to by Namecoin d/xyz, or
an error if no such service exists
"xyz.bit" --> anything pointed to by Namecoin d/xyz, which could be an A
record, or a CNAME record, or a .onion record.

I suspect that most end users will understand that "bit.onion" is not an
onion service, since it's far too short to be one.

Thoughts?

-Jeremy

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

References:
- Re: [tor-dev] Proposal 274: A Name System API for Tor Onion Services
  - From: teor

Prev by Author: [tor-dev] [collector] CollecTor Release 1.1.2
Next by Author: Re: [tor-dev] ExitPortStatistics interpretation
Previous by thread: Re: [tor-dev] Proposal 274: A Name System API for Tor Onion Services
Next by thread: [tor-dev] archive.is and archive.fo are using CloudFlare. Is the TorBrowser add-on cfc useless now?
Index(es):
- Author
- Thread