[tor-dev] Experimental Namecoin naming for Tor

Jeremy Rand jeremyrand at airmail.cc
Sun Apr 23 20:40:08 UTC 2017


Hi,

I've pushed some experimental code for using Namecoin naming in Tor.

The code is at https://github.com/JeremyRand/OnioNS-client ; you want
the "namecoin" branch.

Rough instructions:

1. Install Namecoin Core and let it fully download the blockchain.  (SPV
support is in the works.)

2. Enable JSON-RPC with user/password authentication in Namecoin Core.
(The procedure is identical to that in Bitcoin Core.)

3. Set your Namecoin Core JSON-RPC login info in the init_namecoind
function of src/assets/onions-stem.py.

4. Start Tor Browser Bundle.

5. Run src/assets/onions-stem.py.

6. The first time you run it, it will instruct you to add a line to one
of the Tor config files; do this.  Specifically, it will ask you to add
the line "__LeaveStreamsUnattached 1" to torrc-defaults.

7. Start Tor Browser Bundle again.

8. Run src/assets/onions-stem.py again.

9. Try opening a Namecoin website in Tor Browser.

Example websites that I've verified to work include:

http://duckduckgo-onion.bit.onion
http://bitcoinpl.bit
http://federalistpapers.bit.onion
http://botball.bit (gives a Dreamhost error)

The .bit.onion sites should also work as plain .bit.

Semantically, .bit.onion means that it will always resolve to a .onion
address (meaning that .bit.onion names are encrypted and authenticated
regardless of whether TLS is used); .bit means that it will resolve to
any of .onion, IPv6, IPv4, or CNAME (prioritized in that order), meaning
that .bit names are only encrypted and authenticated if TLS is used.
These semantics are open to revision later, as the Tor community evolves
its canonical naming semantics.

This is all proof of concept for now; some or all of this code will be
rewritten later (hopefully to use the pluggable naming API instead of
the control port).  It will probably not work with Whonix/Tails/Subgraph
due to the control port filter.  It will definitely make your Tor
Browser instance stand out, since most users can't resolve Namecoin
domain names.  And since it accesses the control port, it could
presumably do lots of horrible things to your Tor instance (and I make
no guarantees that it's properly sanitizing the input that's passed to
Tor's control port).

Huge thanks to Jesse for OnioNS (on which this code is based), and also
thanks to Nick for sharing helpful info on this mailing list.

Let me know how it works for you.

Cheers,
-- 
-Jeremy Rand
Lead Application Engineer at Namecoin
Mobile email: jeremyrandmobile at airmail.cc
Mobile OpenPGP: 2158 0643 C13B B40F B0FD 5854 B007 A32D AB44 3D9C
Send non-security-critical things to my Mobile with OpenPGP.
Please don't send me unencrypted messages.
My business email jeremy at veclabs.net is having technical issues at the
moment.
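
The resolution semantics described in the message above, as an added example that is not part of the original email or of the OnioNS-client code: it picks a target for a .bit or .bit.onion name in the stated priority order and accepts only strictly formatted values before anything would be handed to the control port. The record field names (tor, ip6, ip, alias), the function names and the fail-closed handling of a malformed field are assumptions.

```python
import ipaddress
import re

# Assumption: the Namecoin record is a parsed JSON object; the field names
# "tor", "ip6", "ip" and "alias" are assumed here, they are not from the post.
ONION_RE = re.compile(r"(?:[a-z2-7]{16}|[a-z2-7]{56})\.onion")
HOST_RE = re.compile(r"(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}\.?")
ORDER = [("onion", "tor"), ("ipv6", "ip6"),
         ("ipv4", "ip"), ("cname", "alias")]   # priority order from the post


def _first(value, key):
    """Return the first entry of a field that may be a string or a list."""
    item = value.get(key)
    if isinstance(item, list):
        item = item[0] if item else None
    return item if isinstance(item, str) else None


def _valid(kind, target):
    """Strict format check; fullmatch rejects spaces, CR/LF and extra text."""
    if len(target) > 253:
        return False
    if kind == "onion":
        return ONION_RE.fullmatch(target) is not None
    if kind == "cname":
        return HOST_RE.fullmatch(target) is not None
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        return False
    return addr.version == (6 if kind == "ipv6" else 4)


def resolve(name, value):
    """Return (kind, target) for a .bit / .bit.onion name, or None."""
    name = name.lower().rstrip(".")
    if name.endswith(".bit.onion"):
        order = ORDER[:1]          # .bit.onion may only resolve to a .onion
    elif name.endswith(".bit"):
        order = ORDER
    else:
        return None
    for kind, key in order:
        target = _first(value, key)
        if target is None:
            continue
        # Fail closed: a malformed field rejects the name, with no fallback.
        return (kind, target) if _valid(kind, target) else None
    return None
```
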

