
Re: [tor-dev] Naming Systems wiki page



On 09/27/2016 10:05 AM, Jeremy Rand wrote:
> Namecoin also can be used for name-level load balancing, although I
> haven't really carefully considered the anonymity effects of the load
> balancing (e.g. does it open the risk of fingerprinting?), so that
> feature is lower priority until I can think about that more carefully.
> I'm curious how OnioNS is handling that -- maybe there's some thinking
> in OnioNS's design that's adaptable to Namecoin?

Really? Now I'm curious how Namecoin does it!

OnioNS currently achieves load balancing by allowing the onion service
operator to specify a list of secondary addresses. In this case, the
name record contains the following:
+ RSA-1024 onion service public key
+ RSA-1024 signature
+ memorable name
+ secondary addresses
+ + "address1.onion"
+ + "address2.onion"
+ (other data)

The client will then randomly select address1.onion or address2.onion
and will round-robin until one of them connects. It's a very simple
scheme. Right now it looks like this:
https://github.com/Jesse-V/OnioNS-common/blob/8217c47bce76d87d056f1bab671c44e13f1e9d69/src/records/Record.cpp#L58

OnioNS also checks that the main public key is in the root directory of
each of the secondary addresses to ensure that they are all maintained
by the same entity. I am still mulling over possible attacks, defenses,
and implications, but in general it seems to work.

-- 
Jesse
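
The selection scheme described in the message above, sketched as an added example; it is not code from OnioNS or from the message. `NameRecord`, `KeyFetcher`, `pickSecondary`, the placeholder keys and `address3.onion` are hypothetical and constructed, the network is simulated in memory, and the random starting point is passed in as an index so the outcome is reproducible.

```cpp
#include <cstddef>
#include <functional>
#include <map>
#include <string>
#include <vector>

// Hypothetical view of the record fields this example needs.
struct NameRecord {
    std::string publicKey;                 // main onion service public key
    std::vector<std::string> secondaries;  // secondary addresses
};

// Hypothetical transport hook: sets `key` to what the service publishes in its
// root directory and returns true, or returns false if it did not connect.
typedef std::function<bool(const std::string& addr, std::string& key)> KeyFetcher;

// Walk the list round-robin from startIndex (picked at random by the caller).
// Returns the first usable address, or "" if there is none.
std::string pickSecondary(const NameRecord& rec, std::size_t startIndex,
                          const KeyFetcher& fetchRootKey) {
    const std::size_t n = rec.secondaries.size();
    for (std::size_t i = 0; i < n; ++i) {
        const std::string& addr = rec.secondaries[(startIndex + i) % n];
        std::string key;
        // Skip addresses that are unreachable or that publish a different key
        // (the latter are not maintained by the owner of this record).
        if (fetchRootKey(addr, key) && key == rec.publicKey) return addr;
    }
    return std::string();
}

// Constructed sample data: address1 is down, address2 publishes the record's
// key, address3 publishes someone else's key.
NameRecord sampleRecord() {
    NameRecord r;
    r.publicKey = "PLACEHOLDER-KEY-A";
    r.secondaries = {"address1.onion", "address2.onion", "address3.onion"};
    return r;
}

KeyFetcher sampleFetcher() {
    std::map<std::string, std::string> served = {
        {"address2.onion", "PLACEHOLDER-KEY-A"}, {"address3.onion", "PLACEHOLDER-KEY-B"}};
    return [served](const std::string& addr, std::string& key) -> bool {
        auto it = served.find(addr);
        if (it == served.end()) return false;  // simulated connection failure
        key = it->second;
        return true;
    };
}
```

With this sample data every starting index ends at `address2.onion`, because the unreachable address and the one publishing a different key are both skipped.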
