To: tor-talk@lists.torproject.org
References: <55C54AC7.8090709@canaglie.org>
 <20150808031616.GJ9483@mail2.eff.org> <55C5A91F.3070706@gmail.com>
 <20150809010419.GM9483@mail2.eff.org>
From: Jeremy Rand <biolizard89@gmail.com>
Message-ID: <55C6DE88.9060807@gmail.com>
Date: Sun, 9 Aug 2015 05:00:56 +0000
In-Reply-To: <20150809010419.GM9483@mail2.eff.org>
Subject: Re: [tor-talk] General question regarding tor, ssl and .onion.

On 08/09/2015 01:04 AM, Seth David Schoen wrote:
> Jeremy Rand writes:
> 
>> It's theoretically possible to use naming systems like Namecoin
>> to specify TLS fingerprints for connections to Tor hidden
>> services, which would eliminate the need for a CA.  I'm hoping to
>> have a proof of concept of such functionality soon.
> 
> Is there a way to prevent an attacker from simply claiming the
> same identifier in Namecoin before the actual hidden service
> operator does?
> 

By "identifier", you mean the .onion name?  If so, then yes, there are
a few ways this could be done.  One potential method is to have the
client look up names by prefix rather than exact match, so that if you
have xyz.onion, the client looks up all Namecoin names that *begin*
with xyz.onion, and the client will look through them until it finds
one whose value includes a signature signed by the .onion key.  An
attacker could try to spam the namespace with lots of names that have
invalid .onion signatures, but given name fees this would be a quite
expensive attack and would only slow down the lookup rather than stop
it from working.  This functionality (specific to .onion) is not
implemented at the moment, but fast prefix lookups are implemented in
namecoind in a dev branch (which will hopefully be merged to master
soon), so this isn't something that would be incredibly hard to do.
If there's specific interest in this kind of functionality, I can
inquire into whether we can merge the fast prefix lookups code now --
let me know if you'd like me to do so.

Cheers,
-Jeremy Rand
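
The prefix lookup described in the message above, as an added example that is not part of the original message and not Namecoin or Tor code. It assumes a record value carrying the service key, a signature and a TLS fingerprint, a v2-style name derivation, and textbook RSA over Mersenne primes as a toy stand-in for the .onion key; all names, suffixes and fingerprints are constructed.

```python
import base64, bisect, hashlib

E = 65537  # public exponent for the toy RSA stand-in

def onion_label(n):
    # Assumed v2-style derivation: base32 of the first 80 bits of SHA-1 over the key bytes.
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return base64.b32encode(hashlib.sha1(raw).digest()[:10]).decode().lower() + ".onion"

def digest(label, tls_fp, n):
    # Assumed signed message: the .onion label bound to the TLS fingerprint.
    h = hashlib.sha256(f"{label}|{tls_fp}".encode()).digest()
    return int.from_bytes(h, "big") % n

def sign(label, tls_fp, p, q):
    # Operator side. Textbook RSA without padding: illustration only.
    n = p * q
    return pow(digest(label, tls_fp, n), pow(E, -1, (p - 1) * (q - 1)), n)

def prefix_scan(names, prefix):
    # names is sorted by name; bisect jumps to the first name >= prefix.
    i = bisect.bisect_left(names, (prefix,))
    while i < len(names) and names[i][0].startswith(prefix):
        yield names[i]
        i += 1

def resolve(names, label):
    """Return (tls_fp, records_rejected) for the first record signed by label's key."""
    rejected = 0
    for _name, v in prefix_scan(names, label):
        n, sig, fp = v.get("n"), v.get("sig"), v.get("tls_fp")
        if (isinstance(n, int) and n > 0 and isinstance(sig, int) and isinstance(fp, str)
                and onion_label(n) == label            # key must hash to the .onion name
                and pow(sig, E, n) == digest(label, fp, n)):
            return fp, rejected
        rejected += 1
    return None, rejected

def demo():
    # Constructed data: Mersenne primes as toy keys, made-up names and fingerprints.
    op, sq = (2**127 - 1, 2**107 - 1), (2**89 - 1, 2**61 - 1)
    n_op, n_sq = op[0] * op[1], sq[0] * sq[1]
    label = onion_label(n_op)
    names = sorted([
        (label, {"n": n_op, "sig": 12345, "tls_fp": "squatter-fp"}),  # claimed first, bad signature
        (label + "/a", {"n": n_sq, "sig": sign(label, "squatter-fp", *sq), "tls_fp": "squatter-fp"}),
        (label + "/operator", {"n": n_op, "sig": sign(label, "operator-fp", *op), "tls_fp": "operator-fp"}),
    ], key=lambda r: r[0])
    return label, names
```

The second squatter record carries a valid signature under its own key; it is rejected because that key does not hash to the requested .onion label, which is the check that makes claiming the name first ineffective.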