<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On 31 December 2017 at 11:46, Alec Muffett <span dir="ltr"><<a href="mailto:alec.muffett@gmail.com" target="_blank">alec.muffett@gmail.com</a>></span> wrote:<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div><span style="color:rgb(84,84,84)"><font face="arial, helvetica, sans-serif">...so that any UX component which wants to help the user can highlight (in red? or bold?) where the problem is, picking out a chunk of 12 characters which contain the typo:</font></span></div><div><div><font face="monospace, monospace" style="background-color:rgb(255,255,255)"> <a href="https://www" target="_blank">https://www</a><font color="#545454">4acth47i6kxnvkewtm6<wbr>q7</font><b><font color="#ff0000">ib2s3ujpo5sq</font></b><font color="#545454">bsnzjpbi7utijclt<wbr>osqemadwxyz.onion/</font></font></div></div><div><span style="color:rgb(84,84,84);background-color:rgb(255,255,255)"><font face="monospace, monospace"> ------------------------------<wbr>---^^^^^^^^^^^^ </font></span></div><div><span style="color:rgb(84,84,84);background-color:rgb(255,255,255)"><font face="arial, helvetica, sans-serif">Spot the errant 'j'.</font></span></div><div><span style="color:rgb(84,84,84);background-color:rgb(255,255,255)"><font face="arial, helvetica, sans-serif">The advantage of a system like this is that it's not perfect, but a typo mostly has to happen twice and be quite fortunate to go undetected.</font></span></div><div><span style="color:rgb(84,84,84);background-color:rgb(255,255,255)"><font face="arial, helvetica, sans-serif">Of course it's not perfect, but nothing will be, and clever selection of checksum and encoding will result in something which is still DNS- and Browser-compliant.</font></span></div></div></div></blockquote><div><br></div><div>One other advantage: a DNS-format-compliant checksum like this could be trivially baked into an SSL certificate without requiring CA/Browser Forum to invent a wholly new kind of certificate just-for-Tor</div><div><br></div><div>This would result in Prop224 Onion Addresses which would not only be typo-resistant, but could also continue to be issued with EV certificates where site-attestation is beneficial.</div><div><br></div><div>Further: adding segment-checksum bits at the end would be (I think?) backwards compatible with existing Prop224 addresses.</div><div><br></div><div> -a</div></div><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><a href="http://dropsafe.crypticide.com/aboutalecm" target="_blank">http://dropsafe.crypticide.com/aboutalecm</a><br></div>
</div></div>