On 31 December 2017 at 11:46, Alec Muffett <alec.muff...@gmail.com> wrote:

> ...so that any UX component which wants to help the user can highlight (in
> red? or bold?) where the problem is, picking out a chunk of 12 characters
> which contain the typo:
>
> https://www4acth47i6kxnvkewtm6q7*ib2s3ujpo5sq*bsnzjpbi7utijcltosqemadwxyz.onion/
> ---------------------------------^^^^^^^^^^^^
>
> Spot the errant 'j'.
>
> The advantage of a system like this is that it's not perfect, but a typo
> mostly has to happen twice and be quite fortunate to go undetected.
>
> Of course it's not perfect, but nothing will be, and clever selection of
> checksum and encoding will result in something which is still DNS- and
> Browser-compliant.

One other advantage: a DNS-format-compliant checksum like this could be trivially baked into an SSL certificate without requiring CA/Browser Forum to invent a wholly new kind of certificate just-for-Tor.

This would result in Prop224 Onion Addresses which would not only be typo-resistant, but could also continue to be issued with EV certificates where site-attestation is beneficial.

Further: adding segment-checksum bits at the end would be (I think?) backwards compatible with existing Prop224 addresses.

-a

--
http://dropsafe.crypticide.com/aboutalecm