[tor-dev] Naming Systems wiki page

Jesse V kernelcorn at torproject.org
Wed Sep 28 02:10:04 UTC 2016

On 09/27/2016 10:05 AM, Jeremy Rand wrote:
> Namecoin also can be used for name-level load balancing, although I
> haven't really carefully considered the anonymity effects of the load
> balancing (e.g. does it open the risk of fingerprinting?), so that
> feature is lower priority until I can think about that more carefully.
> I'm curious how OnioNS is handling that -- maybe there's some thinking
> in OnioNS's design that's adaptable to Namecoin?

Really? Now I'm curious how Namecoin does it!

OnioNS currently achieves load balancing by allowing the onion service
operator to specify a list of secondary addresses. In this case, the
name record contains the following:
+ RSA-1024 onion service public key
+ RSA-1024 signature
+ memorable name
+ secondary addresses
+ + "address1.onion"
+ + "address2.onion"
+ (other data)

The client will then randomly select address1.onion or address2.onion
and will round-robin until one of them connects. It's a very simple
scheme. Right now it looks like this:

OnioNS also checks that the main public key is in the root directory of
each of the secondary addresses to ensure that they are all maintained
by the same entity. I am still mulling over possible attacks, defenses,
and implications, but in general it seems to work.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 709 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20160927/e10c6d4d/attachment.sig>

More information about the tor-dev mailing list