[tor-talk] onion routing MITM

2016-01-26 Thread populationsteamsir
I'm new to tor, trying to understand some stuff. I understand the .onion TLD is not an officially recognized TLD, so it's not resolved by normal DNS servers. The FAQ seems to say that tor itself resolves these, not to an IP address, but to a hidden site somehow. When I look at

Re: [tor-talk] onion routing MITM

2016-01-26 Thread a55deaba
A CA will not validate a '.onion' address since it's not an official TLD approved by ICANN. The numbers aren't random. From Wikipedia: "16-character alpha-semi-numeric hashes which are automatically generated based on a public key when a hidden service

Re: [tor-talk] onion routing MITM

2016-01-26 Thread Paul Syverson
This is false. First of all '.onion' is an officially recognized reserved top level domain according to IETF RFC 7686. Second, a CA _will_ validate a .onion address, but only to provide an EV (extended validation) Cert. EV Certs are typically only had by big companies etc. Typical browsers

Re: [tor-talk] onion routing MITM

2016-01-26 Thread Seth David Schoen
populationsteam...@tutanota.com writes: > I'm new to tor, trying to understand some stuff. > > I understand the .onion TLD is not an officially recognized TLD, so it's not > resolved by normal DNS servers. The FAQ seems to say that tor itself resolves > these, not to an IP address, but to a

Re: [tor-talk] onion routing MITM

2016-01-26 Thread Green Dream
> What prevents a person from registering a new .onion site, such as > http://laobeqkdrj7bz9pq.onion and then relaying all its traffic to > http://3g2upl4pq6kufc4m.onion, and trying to get people to believe that > *they* are actually the duckduckgo .onion site? Nothing. > When you see a link

Re: [tor-talk] onion routing MITM

2016-01-26 Thread populationsteamsir
26. Jan 2016 18:37 by a55de...@opayq.com: > A CA will not validate a '.onion' address since it's not an official TLD > approved by ICANN. > I understand that. > The numbers aren't random. From Wikipedia:  > "16-character alpha-semi-numeric hashes which are automatically generated >

Re: [tor-talk] onion routing MITM

2016-01-26 Thread Seth David Schoen
populationsteam...@tutanota.com writes: > The question is: From a user perspective, http://3g2upl4pq6kufc4m.onion just > looks like random characters. (And in fact, if it's a hash of a public key, > which was originally randomly generated, then indeed these *are* random > characters). You

Re: [tor-talk] onion routing MITM

2016-01-26 Thread Coyo Stormcaller
On Tue, 26 Jan 2016 18:31:50 + (UTC) wrote: > When I look at thehiddenwiki.org, I see a bunch of .onion sites, with > random looking names. Why is this? What if someone at > thehiddenwiki.org registered a new .onion site (for example >

Re: [tor-talk] onion routing MITM

2016-01-26 Thread Flipchan
Try to put up a server n run it throw tor and the generate a key with scallion for example https://github.com/lachesis/scallion , or ur favorite programming lang a55de...@opayq.com skrev: (26 januari 2016 19:37:24 CET) >A CA will not validate a '.onion' address since it's not an official >TLD