[tor-dev] Special-use-TLD support

Jeremy Rand biolizard89 at gmail.com
Tue Sep 29 15:46:07 UTC 2015

On 09/29/2015 07:39 AM, Jeff Burdges wrote:
> On Tue, 2015-09-29 at 00:59 +0000, Jeremy Rand wrote:
>> The issue I do see is that SPV validation doesn't work well
>> unless you ask multiple peers to make sure that you're getting
>> the chain with the most PoW.  So I gather that this would require
>> connecting to Namecoin peers running on multiple exit nodes.  I
>> don't think that's problematic, but it would have to be taken
>> into account.
> This is no different from validation for existing DNS results.
> Tor attempts to prevent this by building a list of bad exits, but
> it's challenging to catch an exit that attacks only one website.
> You could check multiple peers but that costs you some anonymity.
> If you use many .bit names, this might expose the fact that you
> use Namecoin to your guard.

How does checking Namecoin peers running on multiple exits cost
anonymity?  I'm not quite seeing what the attack is here.

> There are many Tor programs like Ricochet and Pond, and many
> websites, that should be detectable by a sufficiently dedicated
> guard, so that's not a compelling reason not to check multiple
> exits, but it requires consideration.
> One could maybe design the Namecoin shim to obtain
> general-but-relevant information from multiple exits running the
> Namecoin client, but only obtain the actual result from one exit.
> Or maybe that's reinventing the SPV client.

Retrieving block headers from multiple exits, and then asking for a
specific domain's SPV proof from a single exit, will at least provide
reasonable assurance that the result was valid sometime in the past 8
months (expiry period for Namecoin names).  Once unspent name output
set commitments are added to the Namecoin block validation rules, it
will provide reasonable assurance that the result was valid as of
about 2 hours ago.  A single node could still censor updates from the
past 2 hours, which would not be the case if sufficient multiple nodes
are asked.

It might also be possible to download the full blocks from the last 2
hours (along with unmined transactions) from multiple peers.  This
wouldn't reveal which names you're asking for, would presumably be
only a few megabytes at startup (along with keeping up with incoming
transactions over time), and would be sufficient when combined with
SPV proofs from a single node to give you completely current data.

I'm still not seeing the attack that stems from asking multiple exits
for specific domains, though.  Can you elaborate?

-Jeremy
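The check discussed in this message (block headers from several exits, an SPV proof from a single one), as an added Python sketch that is not part of the original post or of Namecoin's code. It assumes a simplified header model with no AuxPoW and no difficulty-retarget rules; `Header`, `best_chain`, `PEERS` and the `exit_*` names are hypothetical, and all sample data is constructed.

```python
import hashlib
from typing import NamedTuple

def dsha(b: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(b).digest()).digest()

class Header(NamedTuple):  # simplified model, not Namecoin's wire format (no AuxPoW)
    prev: bytes
    merkle_root: bytes
    target: int
    nonce: int
    def hash(self) -> bytes:
        return dsha(self.prev + self.merkle_root
                    + self.target.to_bytes(32, "big") + self.nonce.to_bytes(8, "big"))

def chain_work(chain, genesis_prev: bytes) -> int:
    """Cumulative work; 0 if linkage or PoW fails (retarget rules not checked)."""
    prev, work = genesis_prev, 0
    for h in chain:
        if h.prev != prev or int.from_bytes(h.hash(), "big") > h.target:
            return 0
        work += (1 << 256) // (h.target + 1)
        prev = h.hash()
    return work

def best_chain(chains_by_peer: dict, genesis_prev: bytes):
    """Most-work valid chain among the answers from all peers (exits), or None."""
    best = max(chains_by_peer.values(), key=lambda c: chain_work(c, genesis_prev))
    return best if chain_work(best, genesis_prev) > 0 else None

def verify_merkle_branch(txid: bytes, branch, index: int, root: bytes) -> bool:
    """Fold sibling hashes from leaf to root; index bits give left/right position."""
    node = txid
    for sibling in branch:
        node = dsha(sibling + node) if index & 1 else dsha(node + sibling)
        index >>= 1
    return node == root

def mine(prev: bytes, root: bytes, target: int = 1 << 250) -> Header:  # test data only
    nonce = 0
    while int.from_bytes(Header(prev, root, target, nonce).hash(), "big") > target:
        nonce += 1
    return Header(prev, root, target, nonce)

# Constructed sample: exit_b withholds the newest block; the other exits do not.
GENESIS, NAME_TX, OTHER_TX = bytes(32), dsha(b"name update"), dsha(b"other tx")
B1 = mine(GENESIS, dsha(b"constructed block 1"))
B2 = mine(B1.hash(), dsha(NAME_TX + OTHER_TX))  # block holding the name transaction
B3 = mine(B2.hash(), dsha(b"constructed block 3"))
PEERS = {"exit_a": [B1, B2, B3], "exit_b": [B1, B2], "exit_c": [B1, B2, B3]}
```

The Merkle branch for `NAME_TX` would come from a single exit and is checked against `B2.merkle_root` only after `best_chain` has confirmed that `B2` lies on the most-work chain seen across all exits.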

