On 09/27/2016 10:05 AM, Jeremy Rand wrote:
> Namecoin also can be used for name-level load balancing, although I
> haven't really carefully considered the anonymity effects of the load
> balancing (e.g. does it open the risk of fingerprinting?), so that
> feature is lower priority until I can think about that more carefully.
> I'm curious how OnioNS is handling that -- maybe there's some thinking
> in OnioNS's design that's adaptable to Namecoin?

Really? Now I'm curious how Namecoin does it!

OnioNS currently achieves load balancing by allowing the onion service operator to specify a list of secondary addresses. In this case, the name record contains the following:

+ RSA-1024 onion service public key
+ RSA-1024 signature
+ memorable name
+ secondary addresses
+ + "address1.onion"
+ + "address2.onion"
+ (other data)

The client will then randomly select address1.onion or address2.onion and will round-robin until one of them connects. It's a very simple scheme. Right now it looks like this:
https://github.com/Jesse-V/OnioNS-common/blob/8217c47bce76d87d056f1bab671c44e13f1e9d69/src/records/Record.cpp#L58

OnioNS also checks that the main public key is in the root directory of each of the secondary addresses to ensure that they are all maintained by the same entity. I am still mulling over possible attacks, defenses, and implications, but in general it seems to work.

-- 
Jesse
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
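The selection scheme described in the message above (random starting address, round-robin until one connects, and the check that each secondary address publishes the record's main public key), as an added example that is not code from the post or from OnioNS. `NameRecord`, `resolve`, `randomStart` and the two callbacks are hypothetical names, and running the key check on the client immediately before each connection attempt is an assumption.

```cpp
#include <cstddef>
#include <functional>
#include <random>
#include <string>
#include <vector>

// Hypothetical record shape: only the fields from the post that matter here.
struct NameRecord {
  std::string name;                      // memorable name
  std::string ownerKey;                  // main onion service public key (encoded)
  std::vector<std::string> secondaries;  // "address1.onion", "address2.onion", ...
};

// Callbacks stand in for Tor (assumption): one returns the key published in an
// address's root directory ("" if it cannot be fetched), one tries to connect.
using FetchRootKey = std::function<std::string(const std::string&)>;
using TryConnect = std::function<bool(const std::string&)>;

// Walk the secondary list round-robin from `start`. An address is used only if
// it publishes the record's main key (same-operator check) and it connects.
// Returns the chosen address, or "" when none is both verified and reachable.
std::string resolve(const NameRecord& rec, std::size_t start,
                    const FetchRootKey& fetchKey, const TryConnect& tryConnect) {
  const std::size_t n = rec.secondaries.size();
  for (std::size_t i = 0; i < n; ++i) {
    const std::string& addr = rec.secondaries[(start + i) % n];
    const std::string published = fetchKey(addr);
    // A missing or different key means the address is not provably run by the
    // record owner, so skip it instead of sending the user there.
    if (published.empty() || published != rec.ownerKey) continue;
    if (tryConnect(addr)) return addr;
  }
  return "";
}

// Random starting index, so clients spread across the listed addresses.
std::size_t randomStart(std::size_t n) {
  static std::mt19937 gen{std::random_device{}()};
  if (n == 0) return 0;
  return std::uniform_int_distribution<std::size_t>(0, n - 1)(gen);
}
```

A caller would invoke `resolve(rec, randomStart(rec.secondaries.size()), fetchKey, tryConnect)` and treat an empty result as a failed lookup.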