Talks of hidden services and DNS

Kasimir Gabert kasimir.g at gmail.com
Mon Mar 12 02:22:10 UTC 2007


Hello HD,

I think that the only way it would work would be a first come, first
served basis.  I do not think that authentication would be required,
although we could limit the number of domains per onion address so
that we do not have one user taking up 500,000 domains or something.
The registrar could also run a program to make sure that there
actually is a website (or server) running at the hidden onion address.
I think this way it would be too much hassle without any gain for
someone to destroy the DNS network.

The way that I see it would be all of the current hidden servers would
quickly get a name that they choose, and then as new servers come on
names should be readily available.

This all depends on how .onion addresses are assigned.  For example,
could one server have more than one .onion address?  Could it have
500?

And also, should the registrar servers drop .hidden.int. or .hidden.
domains after a week or so of not being able to contact the .onion.?

On 3/11/07, H D Moore <torspam at metasploit.com> wrote:
> The tricky part will be deciding who is authoritative for the DNS records.
> If any user can submit a name, what if it's already taken? Does it
> overwrite, or is it first-come, first-served? If it's distributed, then a
> rogue operator could serve false responses for a target name. If this is
> something that the tor "core" would operate, it still needs some form of
> authentication to manage/update/remove/etc.... and authentication seems
> to be the exact opposite of what tor is supposed to provide.
>
> -HD
>
> On Sunday 11 March 2007 21:10, Kasimir Gabert wrote:
> > I do not see any major security holes that this would bring up. It
> > seems to me like it would be the same as accessing google.com through
> > Tor -- the DNS is looked up through Tor and so it would not be
> > overridden by a malicious ISP or country.
>


-- 
Kasimir Gabert
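A toy model, added here and not part of the thread, of the registrar rules Kasimir sketches: first come, first served with no overwrite, a per-onion quota, a check that a service actually answers before a name is registered, and dropping names after a week of not being able to contact the .onion. The quota value, the names and the reachability oracle are constructed; a real registrar would probe the hidden service over Tor instead.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

MAX_NAMES_PER_ONION = 3           # constructed; the thread only says "limit"
EXPIRE_AFTER = timedelta(days=7)  # "a week or so" of failed contact


@dataclass
class Record:
    onion: str
    last_seen: datetime  # last time the registrar could contact the service


class Registrar:
    def __init__(self):
        self.names = {}  # human-readable name -> Record

    def register(self, name, onion, now, is_reachable):
        """First come, first served; the name must point at a live hidden service."""
        if name in self.names or not is_reachable(onion):
            return False
        # Per-onion quota so one operator cannot claim the whole namespace.
        if sum(r.onion == onion for r in self.names.values()) >= MAX_NAMES_PER_ONION:
            return False
        self.names[name] = Record(onion, now)
        return True

    def sweep(self, now, is_reachable):
        """Re-probe every onion; drop names unreachable for EXPIRE_AFTER or longer."""
        dropped = []
        for name, rec in list(self.names.items()):
            if is_reachable(rec.onion):
                rec.last_seen = now
            elif now - rec.last_seen >= EXPIRE_AFTER:
                dropped.append(name)
                del self.names[name]
        return dropped


def demo():
    up = {"aaaa.onion", "bbbb.onion"}  # constructed set of reachable services
    t0 = datetime(2007, 3, 12)
    reg = Registrar()
    out = {"first": reg.register("wiki.hidden", "aaaa.onion", t0, up.__contains__),
           "taken": reg.register("wiki.hidden", "bbbb.onion", t0, up.__contains__),
           "down": reg.register("ghost.hidden", "cccc.onion", t0, up.__contains__),
           "quota": [reg.register(f"n{i}.hidden", "bbbb.onion", t0, up.__contains__)
                     for i in range(MAX_NAMES_PER_ONION + 1)]}
    up.discard("aaaa.onion")  # the wiki's hidden service goes offline
    out["early"] = reg.sweep(t0 + timedelta(days=3), up.__contains__)
    out["late"] = reg.sweep(t0 + timedelta(days=7), up.__contains__)
    out["left"] = sorted(reg.names)
    return out
```

The day-3 sweep keeps the offline name because it has not yet been unreachable for a week; the day-7 sweep drops it, while the names whose service still answers have their last-seen time refreshed.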


