[tor-dev] Proposal 204 and next-gen HS addresses (was: Proposal status changes the last 17 months)

Zack Weinberg zackw at panix.com
Fri Nov 15 15:32:21 UTC 2013


On Fri, Nov 15, 2013 at 9:31 AM, Nick Mathewson <nickm at torproject.org> wrote:
> Individual blogs might be at:
> technology.cmktn5wni9uinp1niixoh8gzf2oqkcwckcexwe8zutfn5uu7zbb.onion,
> lemurs.cmktn5wni9uinp1niixoh8gzf2oqkcwckcexwe8zutfn5uu7zbb.onion,
> drama.cmktn5wni9uinp1niixoh8gzf2oqkcwckcexwe8zutfn5uu7zbb.onion
>
> My thought had been that the long addresses are likely to make people
> a bit disinclined to use even longer addresses.  But I guess we'll
> see; there's no reason to actually remove the feature.

I don't think this is a reason to remove the feature altogether, but
there is a good reason not to deploy a website with user-controllable
subdomains as suggested: the browser has no way of knowing that
.cmktn5wni9uinp1niixoh8gzf2oqkcwckcexwe8zutfn5uu7zbb.onion is a
"public suffix" and will therefore allow lemurs.yada.onion to declare
that its "origin" is the entire yada.onion domain and snoop on other
sites hosted there.

zw
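
Added example, not part of the original message: a simplified JavaScript model of the suffix check a browser applies when a page sets document.domain, run against the address from the thread. The function names and both suffix sets are constructed for illustration, and only exact public-suffix rules are modelled (no wildcard or exception rules).

```javascript
// Simplified model of the "registrable domain suffix" check behind the
// document.domain setter. Names and suffix sets here are illustrative assumptions.

// Longest rule in `suffixes` matching the end of `host`; if none matches,
// fall back to the last label (the public suffix list's implicit "*" rule).
function publicSuffix(host, suffixes) {
  const labels = host.split(".");
  for (let i = 0; i < labels.length; i++) {
    const candidate = labels.slice(i).join(".");
    if (suffixes.has(candidate)) return candidate;
  }
  return labels[labels.length - 1];
}

// May a page served from `host` declare `requested` as its domain?
function canRelaxTo(host, requested, suffixes) {
  if (requested === host) return true;                 // no change, always allowed
  if (!host.endsWith("." + requested)) return false;   // must be a parent of host
  const ps = publicSuffix(host, suffixes);
  // A public suffix, or anything above one, can never be claimed.
  if (requested === ps || ps.endsWith("." + requested)) return false;
  return true;
}

// Address quoted in the thread.
const SERVICE = "cmktn5wni9uinp1niixoh8gzf2oqkcwckcexwe8zutfn5uu7zbb.onion";
const BLOG = "lemurs." + SERVICE;

// Constructed: a list with no rule for this service, so "onion" is the suffix.
const stockList = new Set();
// Constructed: the same list with the service registered as a public suffix.
const listWithService = new Set([SERVICE]);

console.log("no rule for service ->", canRelaxTo(BLOG, SERVICE, stockList));
console.log("service is a suffix ->", canRelaxTo(BLOG, SERVICE, listWithService));
console.log("bare TLD            ->", canRelaxTo(BLOG, "onion", stockList));
```

With no rule for the service address the blog is allowed to claim the whole service domain; once the address is treated as a public suffix the same request is refused, which is the isolation a shared-hosting service needs between user-controlled subdomains.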

