[tor-dev] Namecoin .onion to .bit linking
kernelcorn at riseup.net
Tue May 19 20:31:34 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
> On 05/19/2015 10:02 AM, Daniel Martí wrote:
>> I'm not familiar with Namecoin, but I thought I'd just point out
>> that someone will be working on OnioNS, the onion name system, as
>> part of the SoP in Tor. The person who will be working on it just
>> sent an e-mail to this very list yesterday.
>> You two seem to be after the same "human-readable way to access
>> .onion domain names" target as you yourself described, so there
>> might be room for collaboration.
> I'm aware of OnioNS, but haven't yet had time to thoroughly read the
> proposal. It's certainly on my to-do list, if nothing else for
> cross-pollination of ideas.
> - -Jeremy
Yes, I'm here. Last year I explored Namecoin as a possible alternative DNS for Tor hidden services. I spent some time over it, but I also ran into the same problems previously mentioned above: how to link HS RSA keys to Namecoin ECDSA keys. I came up with two solutions: sign the Namecoin key with the HS key and embed that signature in the blockchain, or introduce a new blockchain that relied on the same cryptography as hidden services (RSA, Ed25519, ECDSA, etc, as long as they matched). As I mentioned in the ACM paper, it's non-trivial to build this correlation and I came to the conclusion that solutions would look more like a hack than an elegant solution. Moreover, even if the correlation could be built, it's impractical to require clients to download the whole blockchain before use, so you still have to address the issue of preventing name servers from lying.
I hope you can see that it's a difficult problem. I think Namecoin could use a solution if you come up with one, and I would be interested in hearing about it. I came to the conclusion that Namecoin would not work and wrote something different. Namecoin does many things well and I took those good design ideas, but I also changed the setup to solve many of its weaknesses. Namecoin, GNS, and OnioNS are good alternative DNSs, each with their own approach. Let's see if we can work together here, we might be able to help one another.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
-----END PGP SIGNATURE-----
More information about the tor-dev