[tor-dev] Proposal 204: Subdomain support for Hidden Service addresses

Nick Mathewson nickm at alum.mit.edu
Sat Jul 7 17:06:43 UTC 2012

On Fri, Jul 6, 2012 at 10:23 AM,  <ale at incal.net> wrote:
> Hello!
> As discussed with a few people at the Florence Hackfest, here's a quick proposal
> for subdomain support on Hidden Service addresses. The implementation seems pretty
> straightforward (a patch will follow).
> Please forgive me if the proposal is missing something, or isn't using the
> proper Tor-specific technical terms, I'm kinda new to this :) -- I hope it is
> understandable nevertheless.

Added as proposal 204: Thanks!

> Title: Subdomain support for Hidden Service addresses
> Author: Alessandro Preite Martinez
> Created: 06-07-2012
> 1. Overview
>   This proposal aims to extend the .onion naming scheme for Hidden
>   Service addresses with sub-domain components, which will be ignored
>   by the Tor layer but will appear in HTTP Host headers, allowing
>   subdomain-based virtual hosting.
> 2. Motivation
>   Sites doing large-scale HTTP virtual hosting on subdomains currently
>   do not have a good option for exposure via Hidden Services, short of
>   creating a separate HS for every subdomain (which in some cases is
>   simply not possible due to the subdomains not being fully known
>   beforehand).
> 3. Implementation
>   Tor should ignore any subdomain components besides the Hidden
>   Service key, i.e. "foo.aaaaaaaaaaaaaaaa.onion" should be treated
>   simply as "aaaaaaaaaaaaaaaa.onion".

The only part I'm worried about here is that we had once considered
doing authenticated hidden services or some other kind of wacky hidden
service with a design like "bbbbbbbbb.aaaaaaaaaaaaaaa.onion", where
bbbbbbbbb is some additional data to use in the protocol.

Still, we can still do the above proposal and save room to extend the
.onion address scheme: just reserve *.x.onion for all x of length
other than 16.


More information about the tor-dev mailing list