[tor-dev] Naming Systems wiki page

Jesse V kernelcorn at torproject.org
Wed Sep 28 02:10:04 UTC 2016


On 09/27/2016 10:05 AM, Jeremy Rand wrote:
> Namecoin also can be used for name-level load balancing, although I
> haven't really carefully considered the anonymity effects of the load
> balancing (e.g. does it open the risk of fingerprinting?), so that
> feature is lower priority until I can think about that more carefully.
> I'm curious how OnioNS is handling that -- maybe there's some thinking
> in OnioNS's design that's adaptable to Namecoin?

Really? Now I'm curious how Namecoin does it!

OnioNS currently achieves load balancing by allowing the onion service
operator to specify a list of secondary addresses. In this case, the
name record contains the following:
+ RSA-1024 onion service public key
+ RSA-1024 signature
+ memorable name
+ secondary addresses
+ + "address1.onion"
+ + "address2.onion"
+ (other data)

The client will then randomly select address1.onion or address2.onion
and will round-robin until one of them connects. It's a very simple
scheme. Right now it looks like this:
https://github.com/Jesse-V/OnioNS-common/blob/8217c47bce76d87d056f1bab671c44e13f1e9d69/src/records/Record.cpp#L58

OnioNS also checks that the main public key is in the root directory of
each of the secondary addresses to ensure that they are all maintained
by the same entity. I am still mulling over possible attacks, defenses,
and implications, but in general it seems to work.

-- 
Jesse
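
The selection described in the message above, as an added example that is not code from the post or from the OnioNS code base: start at a random secondary address, walk the list round-robin, and skip any secondary that does not publish the record's main public key. NameRecord, resolveSecondary, the two callbacks, and performing the key check in the client just before connecting are all assumptions made for illustration.

```cpp
#include <cstddef>
#include <functional>
#include <iostream>
#include <random>
#include <string>
#include <vector>

// Hypothetical, reduced name record: only the fields the selection needs.
struct NameRecord {
    std::string mainPublicKey;             // encoded onion service public key
    std::vector<std::string> secondaries;  // "address1.onion", ...
};
// Assumed hooks, injected by the caller: fetch the key a secondary publishes
// in its root directory ("" if none), and attempt a connection.
using KeyFetcher = std::function<std::string(const std::string&)>;
using Connector = std::function<bool(const std::string&)>;

struct Resolution {
    std::string address;                   // "" when no secondary was usable
    std::vector<std::string> rejected;     // failed the same-operator check
};

// Begin at startIndex (chosen at random by the caller) and walk the list
// round-robin; only secondaries that publish the record's main key are tried.
Resolution resolveSecondary(const NameRecord& rec, std::size_t startIndex,
                            const KeyFetcher& fetchRootKey,
                            const Connector& tryConnect) {
    Resolution out;
    const std::size_t n = rec.secondaries.size();
    for (std::size_t i = 0; i < n; ++i) {
        const std::string& addr = rec.secondaries[(startIndex + i) % n];
        const std::string key = fetchRootKey(addr);
        if (key.empty() || key != rec.mainPublicKey) {
            out.rejected.push_back(addr);  // never connect to this one
            continue;
        }
        if (tryConnect(addr)) { out.address = addr; break; }
    }
    return out;
}

int main() {  // constructed sample: address2 publishes a different key
    NameRecord rec{"MAINKEY", {"address1.onion", "address2.onion"}};
    std::mt19937 rng(std::random_device{}());
    std::size_t start = std::uniform_int_distribution<std::size_t>(0, 1)(rng);
    auto fetch = [](const std::string& a) {
        return std::string(a == "address1.onion" ? "MAINKEY" : "OTHERKEY"); };
    Resolution r = resolveSecondary(rec, start, fetch,
                                    [](const std::string&) { return true; });
    std::cout << "connected to: " << r.address << "\n";
}
```

The rejected list is returned rather than discarded so that a caller can log secondaries that fail the key check, which would otherwise be indistinguishable from an ordinary connection failure.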
