[tor-dev] Proposition: Applying an AONT to Prop224 addresses?
iang at cs.uwaterloo.ca
Mon Apr 3 14:48:26 UTC 2017
On Mon, Apr 03, 2017 at 02:53:17PM +0100, Alec Muffett wrote:
> On 3 April 2017 at 13:04, George Kadianakis <desnacked at riseup.net> wrote:
> > I'm calling it weird because I'm not sure how an
> > attacker can profit from being able to provide two addresses that
> > correspond to the same key, but I can probably come up with a few
> > scenarios if I think about it.
> Hi George!
> I'll agree it's a weird edge case :-)
> I think the reason my spider-sense is tingling is because years of cleaning
> up after intrusions has taught me that sysadmins and human beings are very
> bad at non-canonical address formats, especially where they combine them
> with either blacklisting, or else case-statements-with-default-conditions.
> If one creates scope for saying "the address is <foo>.onion but you can
> actually use <foo'>.onion or <foo''>.onion which are equivalent" - then
> someone will somehow leverage that either a) for hackery, or b) for social
> * http://017700000001
> * http://2130706433
> * http://022.214.171.124 <- this one tends to surprise people
> * http://127.0.0.1
> …and the sort of fun shenanigans that can be done with those "equivalent
> People who've been trained not to type [X] into their browser, might be
> convinced to type [X']
> It's a lot easier for people to cope with there being one-and-only-one
> viable form for any given hostname or address-representation.
But as I said to Alec in AMS, anyone on the internet can register
"facebook.mydomain.com" and have the A record point to the same thing as
facebook.com. So there are always alternate names for any given
website. TLS, of course, is designed to protect against these
Prop224 *also* (mostly) protects against these shenanigans, because even
if there were two onion addresses that resolved to the same pubkey, the
daily blinded version incorporates the original onion address (not just
the pubkey, right? *Right?*), so the alternate address-with-same-pubkey
won't actually point anywhere. However, an adversary can upload a
descriptor there; I'm not sure what the implications of that are just
The other thing to remember is that didn't we already say that
will mean the same thing? So we're already past the "one (st)ring to
rule them all" point?
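The "equivalent" host literals in the quoted list are the canonicalisation trap Alec describes: a blocklist that compares the raw string lets `017700000001` through while blocking `127.0.0.1`. Added illustration (not code from this thread) that parses IPv4 literals by the classic inet_aton rules, octal, bare decimal and hex included, so the check runs on one canonical form; the blocklist and URLs are constructed sample data.

```python
# Added illustration, not code from the thread: reduce equivalent IPv4
# literals (octal, bare decimal, hex, short dotted forms) to one canonical
# form so a blocklist compares that form, not whatever the user typed.
# The blocklist and URLs below are constructed sample data.
import re
from urllib.parse import urlsplit

# One inet_aton-style part: hex (0x..), octal (leading 0) or decimal.
_PART = re.compile(r"0[xX][0-9a-fA-F]+|0[0-7]*|[1-9][0-9]*")


def _part_value(p):
    if p[:2].lower() == "0x":
        return int(p[2:], 16)
    if p[0] == "0":
        return int(p, 8)  # "0" alone is simply 0
    return int(p, 10)


def parse_ipv4_literal(host):
    """Return the 32-bit value of an IPv4 literal, or None if host is not one.
    Rules: 1 to 4 dot-separated parts, the last part fills all remaining bytes."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4 or not all(_PART.fullmatch(p) for p in parts):
        return None
    *leading, last = [_part_value(p) for p in parts]
    tail_bits = 8 * (4 - len(leading))
    if any(v > 255 for v in leading) or last >> tail_bits:
        return None
    addr = 0
    for v in leading:
        addr = (addr << 8) | v
    return (addr << tail_bits) | last


def canonical_host(url):
    """Dotted quad for IPv4 literals; lowercased name without trailing dot otherwise."""
    host = urlsplit(url).hostname
    if host is None:
        return None
    addr = parse_ipv4_literal(host)
    if addr is None:
        return host.rstrip(".")
    return ".".join(str((addr >> s) & 0xFF) for s in (24, 16, 8, 0))


BLOCKED = {"127.0.0.1"}  # constructed sample blocklist, canonical forms only


def is_blocked(url):
    """Compare the canonical host, not the raw one, against the blocklist."""
    return canonical_host(url) in BLOCKED


if __name__ == "__main__":
    for u in ("http://017700000001", "http://2130706433", "http://0x7f.1", "http://127.0.0.1"):
        raw = urlsplit(u).hostname in BLOCKED
        print(f"{u:<24} raw-match={raw!s:<5} canonical={canonical_host(u)} blocked={is_blocked(u)}")
```

Only the first and last URLs match under a raw string comparison; all four match once canonicalised.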