[tor-dev] Naming Systems wiki page
kernelcorn at torproject.org
Wed Sep 28 02:10:04 UTC 2016
On 09/27/2016 10:05 AM, Jeremy Rand wrote:
> Namecoin also can be used for name-level load balancing, although I
> haven't really carefully considered the anonymity effects of the load
> balancing (e.g. does it open the risk of fingerprinting?), so that
> feature is lower priority until I can think about that more carefully.
> I'm curious how OnioNS is handling that -- maybe there's some thinking
> in OnioNS's design that's adaptable to Namecoin?
Really? Now I'm curious how Namecoin does it!
OnioNS currently achieves load balancing by allowing the onion service
operator to specify a list of secondary addresses. In this case, the
name record contains the following:
+ RSA-1024 onion service public key
+ RSA-1024 signature
+ memorable name
+ secondary addresses
+ + "address1.onion"
+ + "address2.onion"
+ (other data)
The client will then randomly select address1.onion or address2.onion
and will round-robin until one of them connects. It's a very simple
scheme. Right now it looks like this:
OnioNS also checks that the main public key is in the root directory of
each of the secondary addresses to ensure that they are all maintained
by the same entity. I am still mulling over possible attacks, defenses,
and implications, but in general it seems to work.
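
The selection scheme described in the message above, as an added Python example that is not part of the original post and is not OnioNS code. The `NameRecord` layout and the `connect` and `fetch_root_key` callables are hypothetical stand-ins; the sketch assumes the client runs the ownership check at connect time (the post does not say where it runs), and it does not verify the record signature.

```python
import random
from dataclasses import dataclass

@dataclass
class NameRecord:
    public_key: bytes           # main onion service key (RSA-1024 in the post)
    signature: bytes            # signature over the record; not verified in this sketch
    name: str                   # memorable name
    secondary_addresses: list   # e.g. ["address1.onion", "address2.onion"]

def pick_address(record, connect, fetch_root_key, rng=random):
    """Random starting point, then round-robin until one secondary address
    both connects and serves the record's main public key."""
    addrs = list(record.secondary_addresses)
    if not addrs:
        return None
    start = rng.randrange(len(addrs))
    for i in range(len(addrs)):
        addr = addrs[(start + i) % len(addrs)]
        if not connect(addr):
            continue                      # unreachable: try the next one
        if fetch_root_key(addr) != record.public_key:
            continue                      # no proof of common ownership: skip
        return addr
    return None

# Constructed sample data; the key bytes are placeholders, not real keys.
MAIN_KEY = b"constructed-main-public-key"
RECORD = NameRecord(MAIN_KEY, b"constructed-signature", "example-name",
                    ["address1.onion", "address2.onion"])

def simulate(reachable, served_keys, seed=0):
    """Run pick_address against an in-memory stand-in for the network."""
    return pick_address(RECORD,
                        connect=lambda a: a in reachable,
                        fetch_root_key=lambda a: served_keys.get(a),
                        rng=random.Random(seed))

if __name__ == "__main__":
    keys = {"address1.onion": MAIN_KEY, "address2.onion": MAIN_KEY}
    print(simulate({"address2.onion"}, keys))   # only address2 is reachable
    keys["address2.onion"] = b"someone-elses-key"
    print(simulate({"address2.onion"}, keys))   # reachable but fails the key check
```

Skipping an address that fails the key check, rather than aborting, keeps one misconfigured mirror from taking the whole name offline; a stricter client could reject the record outright instead.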