[tor-talk] [Cryptography] Implementing full Internet IPv6 end-to-end encryption based on Cryptographically Generated Address

Mirimir mirimir at riseup.net
Fri Jan 25 10:43:21 UTC 2019


On 01/25/2019 02:40 AM, Alec Muffett wrote:
> On Fri, 25 Jan 2019 at 08:54, Mirimir <mirimir at riseup.net> wrote:
> 
>> I've not heard of "Tor v3 Onion Networking". Does it exist? Or if not, are
>> there plans? Or do you mean just using v3 onion-onion sockets? That would
>> be painful.
>>
> 
> Yes, I mean almost precisely that.

I was afraid that you were going to say that.

> Explanatory video: https://www.youtube.com/watch?v=qcPfJj7CY1A

I don't do audio on this box. I do a pretty good job of keeping cameras
out of my workspace, but don't have sound-proofing :( And YouTube CC is
painful. But hey, I'll watch it all later :)

> All this talk about making Onions pretend to be TCP/IP is ... not
> maximising the value proposition of Onion Networking, in pursuit of some
> result where I cannot see a clear benefit. (Adoption of a substandard[*]
> solution, for adoption's sake?)

Let's say that I have a bunch of VPS, running Tor and OnionCat. Each has
the others' OnionCat IPv6 addresses in its /etc/hosts. Now I can use any
app that talks TCP/IP, without customization (except re latency).

I'm sure that one could write code that did all the same stuff, using
actual v3 onion hostnames. There are probably Python (or whatever)
libraries for that. And maybe that's the best approach. But whatever it
was, it'd be cool if tools like ping, bbcp, etc could interface with it.

> Tor's "presentation layer" is SOCKS5, which is okay; perhaps eventually we
> will have AF_ONION in the same way that AF_X25 exists:
> 
>         http://man7.org/linux/man-pages/man7/x25.7.html

Yeah, something like that :)

> ...and like I had to use for sending/receiving email at X.25-based UK
> universities in the early 1990s.
> 
> But we don't need AF_ONION and a socket stack yet; what I think we need
> right now is people making more services available on v3 onion addresses,
> because it's faster and more secure.

What do you mean by "services"? If all you have is SOCKS5, you're pretty
limited. Unless you use shims like AF_X25. I never had to use that, but
I'm sure that OnionCat is far less hassle.

> Easing client connectivity by any means, does not provide benefit when
> there are no servers/peers to talk to (see video).
> 
> [*]Simply: I am happier to see the end clients knowing that they are
> talking directly to Tor rather than relying upon some per-operating-system
> "shim" to make Tor available to them; aside from any other reason, shims
> tend to get pushed upstream (NAT-boxes, anyone?) and further break the
> end-to-end principle.
> 
>     - alec
> 

