[tor-onions] Renaming Rendezvous Single Onion Services

Paul Syverson paul.syverson at nrl.navy.mil
Wed Mar 30 02:17:38 UTC 2016 

On Wed, Mar 30, 2016 at 11:33:39AM +1100, Tim Wilson-Brown - teor wrote:
> 
> > On 11 Mar 2016, at 02:35, Kate Krauss <kate at torproject.org> wrote:
> > 
> > Hi!
> > 
> > Can you explain what this is, and its purpose, in language suitable for
> > a general reader? That will help me think about the name. I looked up
> > the ticket number but still don't completely understand (and wasn't at
> > sessions about this in Valencia, unfortunately). I *think* I know--but
> > further explanation would be really helpful here :)
> 
> 
> Single Onion Services are an alternative to Hidden (Onion) Services.
> They share many of the same properties: self-authenticating
> addresses, end-to-end encryption, censorship circumvention, and
> client anonymity.

Well no. The naming (which I thought was settled long ago so not sure
how this whole thread got re-opened) goes like this:

Onion services:        All of them

Double-onion services: Those that connect client to server over two
                       Tor circuits, one from the client and one from
                       the service.

Single-onion services: Those that just use one Tor circuit (from the
                       client) to connect to the service.



The entire point of calling them 'onion services' was to get away from
the pejorative and intentional confusions of 'hidden services'. So going
forward, nothing should be called 'hidden services' at all unless you
are explicitly calling attention to the address-hiding feature. And
even then there are probably preferable other ways to say it.

The terms above were intended to provide short simple names that
distinguish two important types. They don't describe what the services
are for, because that makes them misleading and confusing names when
someone comes up with another use for them. It also creates problems
for some existing uses. But the names do provide an easy to understand
distinction. If you want to know what they're for, the names don't
tell you, and it depends anyway so you don't want people mislead
by the names.

For example, consider NAT and firewall punching onion services for
system administration. Suppose you set this up as a rendezvous
single-onion service, but you intentionally don't give out the
address. Is that hidden? Well not in the original sense of hidden
services.  If, however, you're not worried about a correlating
end-to-end attacker, but you don't want people in general to have the
address or to know how/where to connect to it, that clearly isn't meant
to be "open" or "public" or...

The above names are all that we need to use for broad discussion to
general readers.  Further subtleties are not easily captured in simple
names that anyone can grasp quickly. For example, though I myself am
not thrilled, we seem to be settling on

Rendezvous single-onion services: That's a name for people who already
understand things a bit, not naive users. If they think upon hearing
the name and nothing else, "I don't understand that," that's a good
thing. Developers also need short simple names to use around the
office. I prefer RSOS services (pronounced arr-sauce services, and
continuing the longstanding tradition of the RAS syndrome
https://en.wikipedia.org/wiki/RAS_syndrome )
Plain single-onion services (without rendezvous) can be
(pronounced p-sauce services). 


> 
> The difference is this:

> Hidden Onion Services keep the location (IP address) of the service
> hidden, as well as hiding the client's location.
> 
> But Single Onion Services make the service easy to locate, in return
> for faster connection speeds.  They are ideal for sites that are
> publicly known and high-volume, that want to give their users the
> anonymity, security, and circumvention features of Tor Onion
> Services.

I don't like this description. It mixes a functional-use name
with a design-description name. Better

  Single-onion services are an alternative to the double-onion
  services from Tor's original design. All onion services share some
  important protections in practice: self-authenticating addresses,
  end-to-end encryption, censorship circumvention, and client
  anonymity.

  Double-onion services connect a browser to a web server using two
  Tor circuits, one from the web server in addition to the usual one
  from the browser.  One thing this does is hide the location (IP
  address) of the server, not just the client.

  Some service providers would like to offer their users the
  protections that onion-services offer. But they prefer the faster
  connections and better performance they can get from single-onion
  services. Single-onion services also put less load on the Tor
  network, so those who do not feel they need the additional
  protections offered by double-onion services can reduce their impact
  while still providing the basic onion service protection.


I wrote the description assuming a web-browsing context, but I thought
that would be appropriate for a first description to a general reader.

aloha,
Paul

More information about the tor-onions mailing list