On 31 December 2017 at 11:46, Alec Muffett <alec.muffett@gmail.com> wrote:
...so that any UX component which wants to help the user can highlight (in red? or bold?) where the problem is, picking out a chunk of 12 characters which contain the typo:
   https://www4acth47i6kxnvkewtm6q7ib2s3ujpo5sqbsnzjpbi7utijcltosqemadwxyz.onion/
  ---------------------------------^^^^^^^^^^^^ 
Spot the errant 'j'.
The advantage of a system like this is that it's not perfect, but a typo mostly has to happen twice and be quite fortunate to go undetected.
Of course it's not perfect, but nothing will be, and clever selection of checksum and encoding will result in something which is still DNS- and Browser-compliant.

One other advantage: a DNS-format-compliant checksum like this could be trivially baked into an SSL certificate without requiring CA/Browser Forum to invent a wholly new kind of certificate just-for-Tor.

This would result in Prop224 Onion Addresses which would not only be typo-resistant, but could also continue to be issued with EV certificates where site-attestation is beneficial.

Further: adding segment-checksum bits at the end would be (I think?) backwards compatible with existing Prop224 addresses.

    -a

--
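The segment-checksum idea in the message above, sketched as an added example; it is not code from the message or from the Tor Project. The 12-character segments come from the message; the 4 check bits per segment, the truncated SHA-256 check function, the function names and the sample label are assumptions made for illustration.

```python
import hashlib

B32 = "abcdefghijklmnopqrstuvwxyz234567"  # lowercase RFC 4648 base32 alphabet
SEG = 12   # segment length, as in the message
BITS = 4   # ASSUMPTION: check bits per segment (the message gives no figure)

def segments(body):
    return [body[i:i + SEG] for i in range(0, len(body), SEG)]

def seg_check(index, seg):
    # ASSUMPTION: truncated SHA-256, bound to the segment's position.
    return hashlib.sha256(f"{index}:{seg}".encode()).digest()[0] >> (8 - BITS)

def tail_len(body_len):
    nseg = -(-body_len // SEG)       # ceiling division
    return -(-BITS * nseg // 5)      # base32 characters needed for the check bits

def append_checksum(body):
    segs = segments(body)
    value = 0
    for i, seg in enumerate(segs):
        value = (value << BITS) | seg_check(i, seg)
    nchars = tail_len(len(body))
    value <<= 5 * nchars - BITS * len(segs)   # zero-pad to whole base32 characters
    tail = "".join(B32[(value >> 5 * (nchars - 1 - k)) & 31] for k in range(nchars))
    return body + tail

def locate_typos(label):
    """Return (offset, segment) for every segment whose check bits mismatch."""
    body_len = next(n for n in range(len(label), 0, -1) if n + tail_len(n) == len(label))
    body, tail = label[:body_len], label[body_len:]
    segs = segments(body)
    value = 0
    for ch in tail:
        value = (value << 5) | B32.index(ch)
    value >>= 5 * len(tail) - BITS * len(segs)
    mask = (1 << BITS) - 1
    return [(i * SEG, seg) for i, seg in enumerate(segs)
            if seg_check(i, seg) != (value >> BITS * (len(segs) - 1 - i)) & mask]

# Constructed 59-character label ("www" + 56 base32 characters), not a real onion address.
SAMPLE = "www" + (B32 * 2)[:56]

if __name__ == "__main__":
    good = append_checksum(SAMPLE)
    bad = good[:30] + ("j" if good[30] != "j" else "k") + good[31:]
    print(good, locate_typos(good))
    print(bad, locate_typos(bad))
```

With these assumed parameters a 59-character label gains four base32 characters and stays within the 63-character DNS label limit. A 4-bit check lets roughly one substitution in sixteen pass unflagged.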