[tor-dev] Hidden Service location referrals in DNS/web

Jeroen Massar jeroen at massar.ch
Fri Sep 13 08:17:05 UTC 2013


I don't know what the current status/discussion for this is, hence this
email, a reply to a ticket # or mail thread would be fine too ;)

Is there currently a plan or way to state for a site:
  "you can find us as hidden service X" ?

In DNS we could use something like:
www		NAPTR 10 50 "s" "TOR+HTTPS" "" _https._tcp
_https._tor.	SRV 0 0 443 <fingerprint>.onion.

Of course, there is a latency hit there, DNSSEC should be used for
authentication and if there is somebody watching DNS they know that you
have something that looks at Tor records, thus it might not be ideal for
all situations. Having a Torified DNS resolver would resolve that though.

Using _https._tor. allows other services to also use this scheme.
When 'datagram tor' comes out we can add a "_dtor" or something to
support datagram variants of the connections.

Another way, which does not show that you are looking for Tor would be
to use the "alternate" link ability of HTML, eg for RSS there is:

<link rel="alternate" type="application/rss+xml" title="RSS version"
href="/rss/" />

Thus we could have something like:

<link rel="alternate" type="application/tor+hiddenservice" title="Tor
hidden service version" href="https://<fingerprint>.onion" />

on a webpage. If the webpage you get that on is https you have assurance
that the hiddenservice is truly there.

That would be webpage only though, but that is quite a large portion of
the web...


More information about the tor-dev mailing list