[tor-dev] Prop279 and DNS

Jeremy Rand jeremyrand at airmail.cc
Mon Apr 3 21:01:20 UTC 2017


Hello!

Maybe this topic has already been brought up, but in case it hasn't,
I'll do so.  I notice that Prop279 (onion naming API) defines its own
API rather than using DNS.  I guess that this is because of security
concerns about the centralization of the DNS.

However, in case you're unaware, Namecoin is designed to interoperate
with DNS.  Let's say that, hypothetically, Tor defined a DNS-based
naming system for onion services, where "_tor.example.com" had a TXT
record that was verified with DNSSEC in order to make Tor direct
"example.com" to whatever that TXT record had.  If this were done,
Namecoin would be able to produce the necessary TXT record and DNSSEC
signatures, via the standard DNS protocol, using an authoritative
nameserver that runs on localhost.  (The DNSSEC keys used would be
unique per user, generated on installation.)  Indeed, this is how
we're planning to interoperate with non-proxy-based Internet
applications.

My guess is that it would be a lot less work on Namecoin's end if such
a system were used with Tor rather than a separate naming API.  It's
unclear to me how this would affect other naming systems such as GNS
(does GNS interoperate with clients that use DNS?), and it's also
unclear to me whether this would produce extra work for the Tor
developers (maybe DNS adds extra attack surface that would need to be
mitigated somehow, or maybe there would be complexity in implementing
stream isolation?).

Anyway, just figured I'd bring up the topic so that everyone's on the
same page regarding figuring out whether it's a good idea.

Cheers,
-- 
-Jeremy Rand
Lead Application Engineer at Namecoin
Mobile email: jeremyrandmobile at airmail.cc
Mobile PGP: 2158 0643 C13B B40F B0FD 5854 B007 A32D AB44 3D9C
Send non-security-critical things to my Mobile with PGP.
Please don't send me unencrypted messages.
My business email jeremy at veclabs.net is having technical issues at the
moment.
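The client-side check implied by the hypothetical "_tor.example.com" TXT lookup in the message above, as an added example that is not part of the original post and is not Tor or Namecoin code: it accepts a lookup result only if the answer is DNSSEC-validated, unambiguous and well-formed, and fails closed otherwise. The TXT format (one bare v3 .onion hostname), the `answer` structure and all function names are assumptions; the address encoding follows Tor's rend-spec-v3.

```python
import base64
import hashlib

# Assumption: the TXT record at _tor.<name> holds exactly one v3 .onion hostname.
# The message does not define a record format.

class NamingError(Exception):
    """Raised when a lookup result must not be used to pick an onion target."""

def make_v3_onion(pubkey: bytes) -> str:
    """Encode a 32-byte ed25519 public key as a v3 onion hostname (rend-spec-v3)."""
    version = b"\x03"
    checksum = hashlib.sha3_256(b".onion checksum" + pubkey + version).digest()[:2]
    return base64.b32encode(pubkey + checksum + version).decode().lower() + ".onion"

def is_valid_v3_onion(host: str) -> bool:
    """Check length, base32 alphabet, version byte and checksum of a v3 address."""
    label, _, tld = host.lower().rpartition(".")
    if tld != "onion" or len(label) != 56:
        return False
    try:
        raw = base64.b32decode(label.upper())
    except ValueError:
        return False
    return raw[34:] == b"\x03" and make_v3_onion(raw[:32]) == host.lower()

def onion_target(name: str, answer: dict) -> str:
    """Map `name` to an onion hostname from a (hypothetical) resolver answer.

    `answer` is a constructed structure: owner name, TXT strings, and whether the
    local validator verified the DNSSEC chain. Anything unexpected fails closed.
    """
    if answer["owner"].rstrip(".").lower() != "_tor." + name.rstrip(".").lower():
        raise NamingError("answer is for a different owner name")
    if not answer["dnssec_validated"]:
        raise NamingError("unsigned or unvalidated answer")
    if len(answer["txt"]) != 1:
        raise NamingError("expected exactly one TXT record")
    target = answer["txt"][0].strip().lower()
    if not is_valid_v3_onion(target):
        raise NamingError("TXT value is not a well-formed v3 onion address")
    return target

# Constructed sample data (not a real service): key bytes 0..31.
SAMPLE_ONION = make_v3_onion(bytes(range(32)))
SAMPLE_ANSWER = {"owner": "_tor.example.com.", "txt": [SAMPLE_ONION],
                 "dnssec_validated": True}
```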

