[tor-dev] Proposal: namecoin-integration.txt

Joe Foe deepinfoe at yahoo.com
Sat Feb 22 06:39:16 UTC 2014 

Filename: namecoin-integration.txt
Title: Improve security and usability by Namecoin integration
Author: Maxim Novoselov
Created: 06-Feb-2014
Status: Open

Overview:

   This document describes enchantments of hidden services
   domain names with integration of namecoin domains.

Motivation:

   Currently user must lookup hidden service domain name in various
   directories. This directories are owned not by the hidden service owner
   so hidden service address can be easily spoofed by owners of this
   directories.

   Found service name is immemorable so user tends to add it to the
   bookmarks which leads to (maybe)harmful trails.

   This adds ability to use also original .bit domains and improves
   tor's ecosystem in general.

Design:

   Hidden service owner registers special domain name using namecoin
   and binds it to the .onion hidden service. That way he anonymously claims
   that this service owned by him and he can control it using namecoin system.

   This special domain name tld must differ from .bit and .onion to avoid
   confusion because they are already used by clear-web sites(.bit) and
   deep-web ip-address surrogate(.onion).

   Hidden service client lookup domain name at namecoin and connects
   to the resolved .onion domain.

Security implications:

   Proposed changes improve total security by decentralizing directory
   services and give ability to hidden service owners to claim their names.
   
   Also it makes end-user more anonimous by forcing him not to use bookmarks.

Specification:
Compatibility:
Implementation:

   This can't be implemented using namecoin DNS'es because they are operated
   by third-party and may be forged.

   Good way is to use namecoin-rpc to query domain names. Its easy but requires
   namecoin software running which is storage space intensive.

   So not every user have ability to support namecoin server and we have to
   provide a choice: use local copy of bitcoin-rpc or remote.

   Even better would be to integrate namecoin-rpc into production but only
   for nodes or bridges and use this nodes as internal DNS alternative for
   enduser-tor-clients.

--
Best regards

More information about the tor-dev mailing list