[tor-dev] DNS proposal for Tor hidden services

Jesse Victors jvictors at jessevictors.com
Fri Aug 1 16:22:27 UTC 2014


Tyrano,

Thank you for your feedback. However, I'm not sure I fully understand your questions.

Under my proposal, at least at this moment, if a domain ends with .tor (regex match) it is the human-name for a Tor hidden service and requires translation. The .tor domain, like .onion and the obsolete .exit, cannot be reached from outside Tor and will cause an immediate DNS failure on the clearnet DNS system. As far as I know, the .tor domain is not in use in the clearnet, so I think I am safe in using it. If the .tor cannot be found, I don't like the idea of retrying it on the clearnet through the Tor exit; that just leaks the lookup and your objective too many times. If you are looking up X.tor, it's quite likely that you're interested in browsing X.tor, and that is a small compromise of your privacy. Leaking the .tor lookup on clearnet DNS servers also introduces a small possibility for timing attacks.

On a different note, I'm sorry about the malformatting and the bad signature on my opening post. I'm not sure what happened there, but nothing other than formatting was amiss.

- --
Jesse V.
/CS, Network Security/
/Utah State University/


On 08/01/2014 03:39 AM, Tyrano Sauro <tyranosu at yahoo.co.nz> wrote:
> Can we know a DNS for the normal HTTP of a hidden service?
> If the onion hidden name cannot reach from outside of Tor then maybe use that?

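An added illustration of the lookup rule described in the message above, not code from the message, the proposal or Tor: names are classified by suffix, and a .tor name that cannot be translated fails closed instead of being retried through the exit resolver. The name store `tor_names`, the `exit_resolver` callable, `NameNotFound` and all sample values are hypothetical.

```python
import re

# Suffix match as described in the message: a name ending in .tor needs translation.
TOR_NAME = re.compile(r"\.tor\.?$", re.IGNORECASE)
ONION_NAME = re.compile(r"\.onion\.?$", re.IGNORECASE)


class NameNotFound(Exception):
    """Raised for an unknown .tor name; the lookup is never retried elsewhere."""


def classify(hostname):
    if TOR_NAME.search(hostname):
        return "tor-name"
    if ONION_NAME.search(hostname):
        return "onion"
    return "clearnet"


def resolve(hostname, tor_names, exit_resolver):
    """tor_names: hypothetical mapping of .tor name -> .onion address.
    exit_resolver: callable used only for ordinary clearnet names."""
    name = hostname.rstrip(".").lower()   # normalise case and trailing root dot
    kind = classify(name)
    if kind == "onion":
        return name                       # already a hidden-service address
    if kind == "tor-name":
        try:
            return tor_names[name]
        except KeyError:
            # Fail closed: no clearnet retry, so the name never reaches exit DNS.
            raise NameNotFound(name) from None
    return exit_resolver(name)


# Constructed sample data; the .onion value is a placeholder, not a real service.
SAMPLE_TOR_NAMES = {"example.tor": "aaaaaaaaaaaaaaaa.onion"}


def demo():
    leaked = []                           # every name handed to clearnet DNS

    def exit_resolver(name):
        leaked.append(name)
        return "203.0.113.10"             # documentation-range address

    results = {}
    for host in ("Example.TOR.", "missing.tor", "example.tor.com", "abc.onion"):
        try:
            results[host] = resolve(host, SAMPLE_TOR_NAMES, exit_resolver)
        except NameNotFound:
            results[host] = None
    return results, leaked
```

In `demo()`, only `example.tor.com` is passed to the exit resolver: it merely contains `.tor` rather than ending with it, while `missing.tor` fails without any clearnet query.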
