Filename: namecoin-integration.txt
Title: Improve security and usability by Namecoin integration
Author: Maxim Novoselov
Created: 06-Feb-2014
Status: Open
Overview:
This document describes enhancements to hidden service domain names through integration with Namecoin domains.
Motivation:
Currently a user must look up a hidden service domain name in various directories. These directories are not owned by the hidden service owner, so the hidden service address can easily be spoofed by the owners of these directories.
The service name found is not memorable, so the user tends to add it to bookmarks, which leaves (possibly) harmful trails.
This also adds the ability to use original .bit domains and improves Tor's ecosystem in general.
Design:
The hidden service owner registers a special domain name using Namecoin and binds it to the .onion hidden service. That way he anonymously claims that this service is owned by him, and he can control it using the Namecoin system.
The TLD of this special domain name must differ from .bit and .onion to avoid confusion, because they are already used by clear-web sites (.bit) and by the deep-web IP-address surrogate (.onion).
The hidden service client looks up the domain name in Namecoin and connects to the resolved .onion domain.
Security implications:
The proposed changes improve overall security by decentralizing directory services and giving hidden service owners the ability to claim their names. They also make the end user more anonymous by forcing him not to use bookmarks.
Specification:
Compatibility:
Implementation:
This can't be implemented using Namecoin DNS servers because they are operated by third parties and may be forged.
A good way is to use namecoin-rpc to query domain names. It's easy but requires running the Namecoin software, which is storage-intensive.
So not every user is able to run a Namecoin server, and we have to provide a choice: use a local copy of bitcoin-rpc or a remote one.
Even better would be to integrate namecoin-rpc into production, but only for nodes or bridges, and to use these nodes as an internal DNS alternative for end-user Tor clients.
-- Best regards
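
The client-side lookup described under Design and Implementation, sketched as an added example that is not part of the original proposal: the resolver takes the result of a namecoin-rpc `name_show` call and accepts it only if it is unexpired and holds a bare, well-formed .onion address. The TLD `.nmconion`, the use of the `d/` namespace with a `tor` field, and the sample records are assumptions made for illustration.

```python
import json
import re

HYPOTHETICAL_TLD = ".nmconion"  # assumption: the proposal does not name the TLD
ONION_RE = re.compile(r"(?:[a-z2-7]{16}|[a-z2-7]{56})\.onion")  # v2 or v3 address
LABEL_RE = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")

# Constructed name_show results; a real client would get these from namecoin-rpc.
SAMPLE_RECORDS = {
    "d/goodsite": {"value": '{"tor": "abcdefghijklmnop.onion"}', "expires_in": 12000},
    "d/redirect": {"value": '{"tor": "example.com"}', "expires_in": 12000},
    "d/oldsite": {"value": '{"tor": "abcdefghijklmnop.onion"}', "expires_in": -5},
}

def fake_rpc(method, params):
    """Stand-in for a JSON-RPC call to a local Namecoin daemon."""
    if method != "name_show" or params[0] not in SAMPLE_RECORDS:
        raise ValueError("name not found")
    return SAMPLE_RECORDS[params[0]]

def resolve(hostname, rpc):
    """Return the .onion address bound to hostname, or raise ValueError."""
    if not hostname.endswith(HYPOTHETICAL_TLD):
        raise ValueError("not a Namecoin-backed hidden service name")
    label = hostname[: -len(HYPOTHETICAL_TLD)]
    if not LABEL_RE.fullmatch(label):
        raise ValueError("invalid label")
    # Assumption: names live in the "d/" namespace and carry a "tor" field.
    record = rpc("name_show", ["d/" + label])
    # Treat a missing expiry as expired rather than trusting the record.
    if record.get("expired") or record.get("expires_in", 0) <= 0:
        raise ValueError("name has expired")
    try:
        value = json.loads(record["value"])
    except (KeyError, TypeError, ValueError):
        raise ValueError("record value is not valid JSON")
    onion = value.get("tor") if isinstance(value, dict) else None
    # Only a bare, well-formed .onion host is accepted, so a record cannot
    # steer the client to a clear-web host, a port, or a URL.
    if not isinstance(onion, str) or not ONION_RE.fullmatch(onion):
        raise ValueError("record does not contain a valid .onion address")
    return onion

if __name__ == "__main__":
    for host in ("goodsite.nmconion", "redirect.nmconion", "oldsite.nmconion"):
        try:
            print(host, "->", resolve(host, fake_rpc))
        except ValueError as err:
            print(host, "rejected:", err)
```

Passing the RPC function in as a parameter lets the same resolver run against a local or a remote endpoint, which is the choice the Implementation section calls for.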