[tor-dev] Error-Correcting Onions with Bech32

Alec Muffett alec.muffett at gmail.com
Sun Dec 31 12:01:44 UTC 2017


On 31 December 2017 at 11:46, Alec Muffett <alec.muffett at gmail.com> wrote:
>
> ...so that any UX component which wants to help the user can highlight (in
> red? or bold?) where the problem is, picking out a chunk of 12 characters
> which contain the typo:
>    https://www4acth47i6kxnvkewtm6q7*ib2s3ujpo5sq*bsnzjpbi7utijclt
> osqemadwxyz.onion/
>   ---------------------------------^^^^^^^^^^^^
> Spot the errant 'j'.
> The advantage of a system like this is that it's not perfect, but a typo
> mostly has to happen twice and be quite fortunate to go undetected.
> Of course it's not perfect, but nothing will be, and clever selection of
> checksum and encoding will result in something which is still DNS- and
> Browser-compliant.
>

One other advantage: a DNS-format-compliant checksum like this could be
trivially baked into an SSL certificate without requiring CA/Browser Forum
to invent a wholly new kind of certificate just-for-Tor

This would result in Prop224 Onion Addresses which would not only be
typo-resistant, but could also continue to be issued with EV certificates
where site-attestation is beneficial.

Further: adding segment-checksum bits at the end would be (I think?)
backwards compatible with existing Prop224 addresses.

    -a

-- 
http://dropsafe.crypticide.com/aboutalecm
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20171231/437c98c8/attachment.html>


More information about the tor-dev mailing list