[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] new tld question
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Tom Ritter:
> It's possible that next time around, Tor could apply for .onion,
> and use it as a tor2web portal - but even if a lot of engineering
> effort was put in[0] - a user visiting aabbccddee.onion in a normal
> web browser would leak its DNS request, and an observer would know
> exactly who they were trying to browse to. That's not an issue
> with tor2web mode, because it's only the HS, not the user, trying
> to be anonymous. But trying to keep the user anonymous when
> visiting a .onion would be extremely difficult, if not impossible.
>
> But then again, on the flip side, if a user visits
> aabbccddee.onion without using either a Tor DNs Proxy or TBB, that
> .onion DNS request is still leaked. So maybe the threat model
> becomes "We know we can't protect users trying to visit a .onion
> without/with-misconfigured Tor, so perhaps we want to at least
> enable the functionality, and hide what the user is doing on the
> HS'.
You could prevent leaking the DNS request by hardcoding the IPs into
mainstream browsers or even more desirable, a bit more low level, into
the operating system's (windows, linux, any) DNS resolver or kernel.
Would need discussion if such as patch could be officially accepted by
DNS resolver / kernel.
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJQFdKHAAoJEJwTGtNxOq7v/QEP/Rsm+jJdOiNXx4HzQE7Xf99f
F5gH3wTo5FDBmSYHYfRRx/yxL3asEDFOFnUafvB/3W+8rPdWBS2a+8WYuri7iHy+
nug8ME3n7pCvt2pkhPnZMYMoHD8hQgC3a3eDfgLOxB5sVdi4sn/gi3LJ8lrIc5hv
gFICXZ85dCogGX7p/5bBLKwy4KoJjdkjBouGpb51Mp9NUc03KNCwtC2kwG+DF7tp
MfFgYP5copnS9M/zifNoRZ9wVGPhHIaDFTEAnQ0+hWt2Hdbj5SyVLcgEsNbQR/Gp
P++Zh5ubEwRlLr/iRjirMxzxNiyFenzGGIzgenAg+Xsdh4GbBkMEsWlwhXQh01Pd
Zm8TGZ0iYYeKfBzhFaCFzC1wzq+DyCdPz1JElc9fOo1ydXCmPWd7r/bhT+r5Ll9Q
8C/9Jew6fE/42+0f7U75pCUXz3iDlH2CR2P8jCDpG3feoC+RkqZfHh0SghnAE4w4
FMohQIm6qUonTYO5+Ypg0qGtnNBZBTKYPlIogGK1FwL0Hy+q3KPUsMhbb/LyJUFJ
T3TMvD+xpH2/QPrxV8k9syairGeMMF+iHpKyBt1PPujztklGGBrO1TQfPdx17KZn
7HAS+7C/Ik22lDQqCjfDRfW+TmHMk/dMOJHLexyY1j7ZnYIo1EgAl75uEmCFCvSF
RSBFLD92EZrunMcppYjD
=sIeS
-----END PGP SIGNATURE-----
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk