[tor-dev] DNS proposal for Tor hidden services
jvictors at jessevictors.com
Fri Aug 1 16:22:27 UTC 2014
Thank you for your feedback. However, I'm not sure I fully understand your questions.
Under my proposal, at least at this moment, if a domain ends with .tor (regex match) it is the human-name for a Tor hidden service and requires translation. The .tor domain, like .onion and the obsolete .exit, cannot be reached from outside Tor and will cause an immediate DNS failure on the clearnet DNS system. As far as I know, the .tor domain is not in use in the clearnet, so I think I am safe in using it. If the .tor cannot be found, I don't like the idea of retrying it on the clearnet through the Tor exit; that just leaks the lookup and your objective too many times. If you are looking up X.tor, it's quite likely that you're interested in browsing X.tor, and that is a small compromise of your privacy. Leaking the .tor lookup on clearnet DNS servers also introduces a small possibility for timing attacks.
On a different note, I'm sorry about the malformatting and the bad signature on my opening post. I'm not sure what happened there, but nothing other than formatting was amiss.
/CS, Network Security/
/Utah State University/
On 08/01/2014 03:39 AM, Tyrano Sauro <tyranosu at yahoo.co.nz> wrote:
> Can we know a DNS for the normal HTTP of a hidden service?
> If the onion hidden name cannot reach from outside of Tor then maybe use that?