[tor-dev] Tor and Namecoin
George Kadianakis
desnacked at riseup.net
Sun Jul 31 13:26:50 UTC 2016
Jeremy Rand <jeremyrand at airmail.cc> writes:
> Hello Tor devs,
>
> Namecoin is interested in collaboration with Tor in relation to
> human-readable .onion names; I'm reaching out to see how open the Tor
> community would be to this, and to get feedback on how exactly the
> integration might work.
>
> The new hidden service spec is going to substantially increase the
> length of .onion names, which presents usability concerns. Namecoin
> provides a way to resolve a human-readable .bit name to a .onion name.
> Another benefit of Namecoin is that it provides a way to look up TLS
> fingerprints for clearnet .bit sites, which reduces the risk of MITM
> attacks on clearnet websites from malicious or compromised CAs.
>
> <snip>
>
> There are a few options I can think of for integrating this with Tor for
> .onion naming. One would be to modify OnioNS to call the Namecoin SPV
> client. This would concern me because OnioNS is in C++, which
> introduces the risk of memory safety vulnerabilities. Another would be
> to use an intermediate proxy like Yawning's or-ctl-filter. A third
> option would be to try to get external name resolution implemented in
> Tor itself, which I believe Jeff Burdges has suggested in the past. If
> Option A or B is used, any solution would need to pass the stream
> isolation info to the SPV client.
>
Hello Jeremy,

I'm a big noob when it comes to blockchains, namecoin, SPV clients and such, so
I'm mainly going to focus on how to integrate this with Tor.

It seems to me that a plausible way to kickstart this big project would be to
make an unofficial add-on for TBB that can do the namecoin dance. People can
then install it and experiment with it. If it fits the Tor use case well, then
a community might be formed that will push this project forward even more.

If it's an optional add-on, we also don't have to worry that much about the
400MB blockchain size, since it's gonna be optional and only people who want it
will have to download it. This way we can learn how much of a problem the
download size is anyway (it seems to me like a total blocker for people in
non-western fast-internet countries).

That's why I would suggest experimenting with the first two approaches you
mentioned that don't require a modification to Tor's protocol.

Specifically, if you can build a PoC with Yawning's or-ctl-filter that's what I
would go for, since I'm not actually sure what's the current state of the
OnioNS code, and how easy it will be to plug namecoin in there. What would be
the procedure for third-party people with TBB to install namecoin + or-ctl-filter?
Would it be a painful UX?

FWIW, I'm also not sure what's the state of Jeff Burdges' name resolution idea,
whether there are any plans on moving forward, and whether it would fit the
Namecoin API.