[tor-bugs] #30558 [Applications/Tor Browser]: Namecoin support for onion sites in Tor Browser

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue May 21 16:46:56 UTC 2019


#30558: Namecoin support for onion sites in Tor Browser
------------------------------------------+------------------------
     Reporter:  arthuredelstein           |      Owner:  JeremyRand
         Type:  defect                    |     Status:  assigned
     Priority:  Medium                    |  Milestone:
    Component:  Applications/Tor Browser  |    Version:
     Severity:  Normal                    |   Keywords:
Actual Points:                            |  Parent ID:  #30029
       Points:                            |   Reviewer:
      Sponsor:                            |
------------------------------------------+------------------------
 **The problem**
 Onion domains are generally almost impossible for humans to remember.
 Specifically, they are very long and consist of a series of random
 characters.

 v2 domains look like this:
 * https://www.propub3r6espa33w.onion/

 and v3 domains look like this:
 * http://vww6ybal4bd7szmgncyruucpgfkqahzddi37ktceo3ah7ngmcopnpyyd.onion

 So, while onion domains are secure and decentralized, they are not human-
 meaningful, and thus fail to satisfy all three desired properties
 described in [https://en.wikipedia.org/wiki/Zooko%27s_triangle Zooko's
 triangle].

 **Proposed solution**
 Namecoin offers a solution for Zooko's triangle. Domains are registered in
 a decentralized manner, can be remembered by humans, and are secure. A
 Namecoin (.bit) domain looks like this:
 * http://federalistpapers.bit

 The .bit domains can be pointed to a unique .onion domain. So the user
 needs only to enter http://federalistpapers.bit and they will be taken to
 the appropriate onion site (in this case,
 http://7fa6xlti5joarlmkuhjaifa47ukgcwz6tfndgax45ocyn4rixm632jid.onion)

 The task consists of writing patches for Tor Browser that integrates a
 Namecoin lookup client, such that when a user enters a .bit domain name
 the browser is connected to the underlying .onion site. In the address
 bar, the entered address including a .bit domain will continue to be
 shown, and the .onion domain will be indicated on the circuit display.

 Initially, the patches can be integrated into Tor Browser Nightly. If
 testing is successful, I hope it could progress to Tor Browser alpha and
 eventually stable.

 ** Comparison to other approaches **
 There are several promising approaches to allowing human-meaningful
 aliases to onion sites. However, they don't fully solve Zooko's triangle:
 * HTTPS Everywhere: Aliases are under central control by the addon
 maintainer.
 * Bookmarks/Petnames: Aliases are not global.
 * Alt-Svc/Onion-Location: Aliases require first connecting through a
 centralized ICANN domain.

 I think Namecoin is especially promising because it can be globally
 registered and maintained securely by the onion site operator, without any
 centralized permission. Thus the properties of security and
 decentralization offered by .onion domains are shared by .bit domains.

 There are some challenges:
 * Historically, Namecoin lookup has been slow and required cumbersome
 downloads. Jeremy has made major progress in reducing the footprint.
 * Registering a Namecoin domain requires downloading specialized software
 and is not anonymous without special precautions. Future work (out of
 scope here) could include building documentation and/or software tools to
 allow onion operators to easily and anonymously register a .bit domain and
 point it to a .onion domain.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30558>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list