[tor-dev] Memorable onion addresses (was Discussion on the crypto migration plan of the identity keys of Hidden Services)

Matthew Finkel matthew.finkel at gmail.com
Thu Jun 6 12:48:42 UTC 2013

On Mon, May 20, 2013 at 12:11:37AM -0400, Griffin Boyce wrote:
> Matthew Finkel <matthew.finkel at gmail.com> wrote:
> > So I think we should make some terms clear (just for the sake of
> > clarity). We have, I guess, three different naming-system ideas
> > floating here: petnames, (distibuted) namecoin-ish, and centralized
> > consensus-based - rough summary.
> >
> > Some months ago, the petname system interested me enough that I started
> > to write a proposal for it. At this point, it's wound up in bitrot.
> > Though I'd spent a bit of time working on it, there was no comprehensive
> > way to accomplish it.
>   I too started writing a petname proposal only to have it wind up on the
> backburner.
>   In a nutshell, there would be a sort of pseudo-DNS that allow a given
> .onion to define a petname through a file on their site.  For example,
> somename.onion/petname.txt could shorten the address to bettername.pet.
>  The pseudo-DNS would check if a hidden service is alive once every few
> days, and if the onion is down for thirty days, the petname is freed up for
> someone else to use.  This has the side effect of promoting good onion
> upkeep.

This could work well. Have you seen proposals/ideas/xxx-onion-nyms.txt
in torspec? It's a similar idea but targeted for use with tor2web.

This isn't a petname system system, but it would be a step in the right
direction for making HS more user friendly. I worry about the initial
race condition for this type of system. How do we guarantee that
the site resolving to "torproject" is torproject.org. It's this
expectation that the mapping is obvious that will be the difficult part
of the system. After 6 months (or so) the naming will stabilize and be
(mostly) consistent month-to-month, but how do we guarantee that a
malicious actor is not able to register popular internet domains
(torproject, ddg, etc) before the legitimate/honest actor?

>   I like the idea of federating hidden services and eepsites into one
> petname system, but not sure how possible/practical that would be.  Of
> course, there's really nothing keeping an independent actor from making
> this and offering it as a firefox plugin for those who might want to use it.

I know very little about eepsites, but as long as the guarantees
provided by eepsites and HS are equivalent regarding security and
anonymity, this is an interesting idea. The easiest/obvious way to
accomplish this is to have gateways/peering-points between the two
networks, I need to refresh my memory/read more about I2P/eepSites
before I can argue a valid mechanism.

Unless, are you talking about running I2P and Tor on the same
computer/network and being able use the same naming scheme to connect to
both eepSites and Hidden Services? If so, a petname system is perfect
for this because it is completely user defined. See Waterken's Petname
Tool[0] for an example of such an addon. If a modified version of this
add-on (or something similar) is included in TBB/"secure-browser" and
not only remembers the websites you trust but also allows you to use your
petname in-place-of the real name, then this would be a possibly-useful system.

> Thoughts?
> ~Griffin
> -- 
> Technical Program Associate, Open Technology Institute
> #Foucault / PGP: 0xAE792C97 / OTR: saint at jabber.ccc.de

Thanks for sharing your thoughts!

- Matt

More information about the tor-dev mailing list