From: Mike Fikuart <mike@fikuart.com>
To: "tor-talk@lists.torproject.org" <tor-talk@lists.torproject.org>
Date: Thu, 31 Jul 2014 12:22:02 +0000
Message-ID: <ED65AE5C-A4B7-473F-A216-C3447690D545@fikuart.com>
References: <3BC96F3B-44DB-4EE4-810B-C19E7D9097FC@fikuart.com>
 <53D96702.3050901@gmail.com>
In-Reply-To: <53D96702.3050901@gmail.com>
Subject: Re: [tor-talk] Tor DNS

Thanks for the response, Ondrej.

I was thinking specifically for the .onion addresses as opposed to the conventional www addressing. When the client first recognises the .onion domain, could a DNS be set up within Tor dealing only with .onion hostnames/domain space, and conventional DNS requests for www be handled as currently (or developed as per proposal 129)?

My thought was that [hiddenservice].onion would be dealt with by the Tor NameServer to return the hostname (derived from the public key). From here the hidden services protocol would continue as per normal. The only weakness would be the security of the information coming back from the D/NS pointing to the same hostname.onion; however, with Tor circuit/s to the DNS this should negate such an attack. Further to your comment about the request leaving the Tor network: these DNS requests would be handled internally, never leaving the network. Is this feasible and reliably reproducible?

Just as there was the increasing need for the Tor search engine, this would (I believe) encourage more people to benefit from presenting their information/services in a usable format.

I note your further comments about the cost/resources of registering the TLD .onion, but there may be a time when there is a business model that can benefit from the investment and returns.

Yours sincerely,

Mike Fikuart IEng MIET

Mobile: 07801 070580
Office: 020 33840275
Blog: mikefikuart
Skype: mikefikuart
Twitter: mikefikuart
LinkedIn: mikefikuart

On 30 Jul 2014, at 22:43, Ondrej Mikle <ondrej.mikle@gmail.com> wrote:

Hi,

On 07/30/2014 01:43 PM, Mike Fikuart wrote:
> I am aware that there is a Project Idea (under
> https://www.torproject.org/getinvolved/volunteer.html.en#improvedDnsSupport)
> point q. Improved DNS support for Tor;

I am the author of proposal 219.

If you want DNS, you can make it work today via a tunnel with Unbound. One sample howto: https://labs.nic.cz/page/993/ - DNSSEC is optional.

> however has there been any exploration or development of a fully fledged
> DNS system for Tor

I have spent more than half a year trying to make it work. Most of the time spent was due to DNSSEC and especially its latency - it is quite easy to have 20 round trips for one DNS request because of CNAME and DNAME, which can take 5-20 seconds, incurring seemingly "random" errors (from the user's point of view).

On a good day with a good circuit and a "heated cache" you can get an average of ~3 secs to resolve a request.

> that could give human readable names to hidden services?

This is not a good idea for many reasons. I'm not up-to-date with the latest rendezvous protocol, but AFAIK the DNS request would be sent from a different exit node than the nodes used for rendezvous - which would in turn make correlation attacks easier.

> If further consideration is given to also pursuing the registration of the
> .onion domain as a TLD, this could also open further publicity and revenue
> for the Tor Project. The domain auctions for .tv and .co raised significant
> revenue for Tuvalu and Colombia, not to mention the managing organisations.

A TLD costs $150k USD as a "down payment" and requires additional infrastructure to support the gTLD, which is not cheap. There are much better ways to spend the resources.


> Has any of this been looked at previously or are there reasons why this is
> not being pursued?

DNS, being 30+ years old, has incredibly many special cases. There are quick-and-dirty implementations, but that's probably not what one would want with anonymity software.

Ondrej
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
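As an added example for the "hostname (derived from the public key)" step in the proposal above (illustration written for this page, not code from Tor or from either poster): the v2 .onion address in use at the time of this thread is the base32 encoding of the first 80 bits of the SHA-1 digest of the service's DER-encoded PKCS#1 RSAPublicKey. That self-authenticating property is what makes a Tor-internal name service checkable: whatever answers "hostname.onion", the client can hash the key it is handed and reject the answer if it does not match the queried address. The sample modulus below is a constructed integer, not a real key, and the function names are this example's own.

```python
# Added example: derive a v2 .onion address from an RSA public key and
# verify that a key returned for an address really belongs to it.
# Not Tor's code; only the hashing rule (SHA-1 over PKCS#1 RSAPublicKey DER,
# first 10 bytes, base32) is taken from the rend-spec of the time.
import base64
import hashlib

B32_ALPHABET = "abcdefghijklmnopqrstuvwxyz234567"


def der_length(n: int) -> bytes:
    """DER length octets: short form below 0x80, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(lb)]) + lb


def der_integer(value: int) -> bytes:
    """DER INTEGER (tag 0x02) for a non-negative integer."""
    if value < 0:
        raise ValueError("only non-negative integers occur in an RSA key")
    body = value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")
    if body[0] & 0x80:  # DER integers are signed: pad so the value stays positive
        body = b"\x00" + body
    return b"\x02" + der_length(len(body)) + body


def der_sequence(*elements: bytes) -> bytes:
    """DER SEQUENCE (tag 0x30) wrapping already-encoded elements."""
    body = b"".join(elements)
    return b"\x30" + der_length(len(body)) + body


def rsa_public_key_der(n: int, e: int) -> bytes:
    """PKCS#1 RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }."""
    return der_sequence(der_integer(n), der_integer(e))


def onion_address(n: int, e: int) -> str:
    """v2 onion hostname: base32(SHA-1(DER(RSAPublicKey))[:10]) + '.onion'."""
    digest = hashlib.sha1(rsa_public_key_der(n, e)).digest()
    return base64.b32encode(digest[:10]).decode("ascii").lower() + ".onion"


def key_matches_address(address: str, n: int, e: int) -> bool:
    """The check a client runs on whatever a name service hands back:
    does the returned key hash to the address that was asked for?"""
    label = address.lower()
    if label.endswith(".onion"):
        label = label[: -len(".onion")]
    return onion_address(n, e) == label + ".onion"


# Constructed sample modulus for the demo: NOT a real Tor key, just a
# 1024-bit odd integer with the top bit set so it DER-encodes like one.
SAMPLE_E = 65537
SAMPLE_N = (
    int.from_bytes(hashlib.sha512(b"constructed sample, not a real key").digest() * 2, "big")
    | (1 << 1023)
    | 1
)

if __name__ == "__main__":
    addr = onion_address(SAMPLE_N, SAMPLE_E)
    print("address for the sample key:", addr)
    print("genuine key accepted:", key_matches_address(addr, SAMPLE_N, SAMPLE_E))
    # A name service substituting its own key cannot keep the same address.
    print("substituted key accepted:", key_matches_address(addr, SAMPLE_N + 2, SAMPLE_E))
```

The point of `key_matches_address` is the one raised above about trusting "the information coming back from the D/NS": because the address commits to the key, a substituted descriptor key is detected at the client regardless of how the lookup was transported.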

