Tor Weekly News — October 31st, 2015
Harmony
harmony01 at riseup.net
Sat Oct 31 14:18:20 UTC 2015
========================================================================
Tor Weekly News October 31st, 2015
========================================================================
Welcome to the thirty-seventh issue in 2015 of Tor Weekly News, the
weekly newsletter that covers what’s happening in the Tor community.
Contents
--------
1. IETF reserves .onion as a Special-Use Domain Name
2. Tor proposal updates
3. Miscellaneous news
4. Upcoming events
IETF reserves .onion as a Special-Use Domain Name
-------------------------------------------------
Several years of effort by Tor Project members and contributors bore
fruit this week when the Internet Engineering Task Force, which develops
and promotes voluntary standards for Internet technologies, recognized
the .onion suffix as a special-use domain name [1].
As Jacob Appelbaum, who led the charge along with Facebook security
engineer Alec Muffett, explained: “IETF name reservations are part of a
lesser known process that ensures a registered Special-Use Domain Name
will not become a Top Level Domain (TLD) to be sold by the Internet
Corporation For Assigned Names and Numbers (ICANN).” In other words, it
will not be possible for domain registrars to sell web addresses ending
in .onion; if it were, it would create problems for Tor’s hidden service
system, which uses that suffix to allow users to run anonymous and
censorship-resistant web services accessible via the Tor Browser.
Another benefit of the name reservation is that it will now be possible
to buy Extended Validation (EV) SSL certificates for .onion domains, a
system which Facebook has trialled on its own popular hidden
service [2].
“We think that this is a small and important landmark in the movement to
build privacy into the structure of the Internet”, wrote Jacob.
Congratulations to all those who spent time drafting this proposal and
advocating for its adoption.
[1]: https://blog.torproject.org/blog/landmark-hidden-services-onion-names-reserved-ietf
[2]: https://blog.torproject.org/blog/facebook-hidden-services-and-https-certs
Tor proposal updates
--------------------
Tor’s body of development proposals, documents that plan for
improvements and changes in Tor’s software ecosystem, has seen some
additions, updates, and reviews over the past week.
Nick Mathewson published proposal 256 [3], which examines methods for
revoking the long-lived public keys used by Tor relays and directory
authorities in the event that they are compromised, or the operator
believes there is a significant possibility that they have been
compromised. Andrea Shepard wrote proposal 258 [4], explaining how
directory authorities could mitigate the risk of denial-of-service (DOS)
attacks by classifying the types of directory requests they receive and
setting thresholds for each. Nick and Andrea together published proposal
257 [5], which identifies the different functions performed by directory
authorities and examines how the risk of DOS attacks could be reduced by
“isolating the security-critical, high-resource, and
availability-critical pieces of our directory infrastructure from one
another”.
George Kadianakis published a review [6] of all the open proposals
relevant to next-generation hidden services, giving a summary of each
one along with its current status, “so that researchers and developers
have easier access to them”.
Proposal 250, which specifies how directory authorities can come up with
a shared random value every day, and which George describes as “a
prerequisite” for all other work on next-gen hidden services, was itself
updated to reflect changes in the implementation, which is almost
finished, as David Goulet explained [7]. Finally, Tim Wilson-Brown
(teor) published a revised version [8] of the as-yet unnumbered proposal
for “rendevous single onion services”, “an alternative design for single
onion services, which trade service-side location privacy for improved
performance, reliability, and scalability”.
If you have any comments on these or other Tor proposals, feel free to
post your thoughts to the tor-dev mailing list.
[3]: https://lists.torproject.org/pipermail/tor-dev/2015-October/009798.html
[4]: https://lists.torproject.org/pipermail/tor-dev/2015-October/009821.html
[5]: https://lists.torproject.org/pipermail/tor-dev/2015-October/009799.html
[6]: https://lists.torproject.org/pipermail/tor-dev/2015-October/009762.html
[7]: https://lists.torproject.org/pipermail/tor-dev/2015-October/009812.html
[8]: https://lists.torproject.org/pipermail/tor-dev/2015-October/009763.html
Miscellaneous news
------------------
The Tor BSD Diversity Project [9], “an effort to extend the use of the
BSD Unixes into the Tor ecosystem, from the desktop to the network”,
announced [10] the release of an OpenBSD port of Tor Browser 5.0.3, its
sixth Tor Browser release for BSD systems. See attila’s announcement for
download instructions, as well as a report on the TDP’s other
development and advocacy activities.
[9]: https://torbsd.github.io/
[10]: https://lists.torproject.org/pipermail/tor-dev/2015-October/009800.html
Tor’s Metrics team, “a group of Tor people who care about measuring and
analyzing things in the public Tor network”, now has its own public
mailing list and wiki page, as Karsten Loesing announced [11]. There is
a simple step to complete before you can post freely to the list, but
anyone interested in “measurements and analysis” is welcome to listen in
on discussions, and to check the team’s roadmap and workflow on the wiki
page.
[11]: https://lists.torproject.org/pipermail/tor-dev/2015-October/009808.html
“In an attempt to make Pluggable Transports more accessible to other
people, and to have a spec that is more applicable and useful to other
projects that seek to use Pluggable Transports for circumvention”,
Yawning Angel drafted a rewrite of the pluggable transports spec
document [12]. No behavior changes are specified in this rewrite, but
“unless people have serious objections, this will replace the existing
PT spec, to serve as a stop-gap while the next revision of the PT spec
(that does alter behavior) is being drafted/implemented”.
[12]: https://lists.torproject.org/pipermail/tor-dev/2015-October/009815.html
Simone Bassano published a report [13] on the OONI hackathon that took
place in Rome at the start of October. A working beta version of
MeasurementKit and progress on NetworkMeter, as well as ways to make use
of censorship data, were among the outcomes.
[13]: https://lists.torproject.org/pipermail/ooni-dev/2015-October/000353.html
Upcoming events
---------------
Nov 02 17:00 UTC | OONI team meeting
| #ooni, itc.oftc.net
|
Nov 02 19:00 UTC | Tor Browser meeting
| #tor-dev, irc.oftc.net
|
Nov 03 16:00 UTC | SponsorR meeting
| #tor-dev, irc.oftc.net
|
Nov 03 18:00 UTC | Core Tor patch workshop
| #tor-dev, irc.oftc.net
|
Nov 03 19:00 UTC | Tails contributors meeting
| #tails-dev, irc.oftc.net
| https://mailman.boum.org/pipermail/tails-project/2015-October/000335.html
|
Nov 04 15:30 UTC | Network team meeting
| #tor-dev, irc.oftc.net
|
Nov 05 14:00 UTC | Metrics team meeting
| #tor-dev, irc.oftc.net
| https://trac.torproject.org/projects/tor/wiki/org/teams/MetricsTeam
|
Nov 05 15:00 UTC | 1-1-1 task exchange meeting
| #tor-dev, irc.oftc.net
This issue of Tor Weekly News has been assembled by Harmony.
Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project page [14], write down your
name and subscribe to the team mailing list [15] if you want to
get involved!
[14]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
[15]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
More information about the tor-news
mailing list