On 31 December 2017 at 11:46, Alec Muffett <alec.muff...@gmail.com> wrote:
>
> ...so that any UX component which wants to help the user can highlight (in
> red? or bold?) where the problem is, picking out a chunk of 12 characters
> which contain the typo:
> https://www4acth47i6kxnvkewtm6q7*ib2s3ujpo5sq*bsnzjpbi7utijclt
> osqemadwxyz.onion/
> ---------------------------------^^^^^^^^^^^^
> Spot the errant 'j'.
> The advantage of a system like this is that it's not perfect, but a typo
> mostly has to happen twice and be quite fortunate to go undetected.
> Of course it's not perfect, but nothing will be, and clever selection of
> checksum and encoding will result in something which is still DNS- and
> Browser-compliant.
>
One other advantage: a DNS-format-compliant checksum like this could be
trivially baked into an SSL certificate without requiring CA/Browser Forum
to invent a wholly new kind of certificate just-for-Tor
This would result in Prop224 Onion Addresses which would not only be
typo-resistant, but could also continue to be issued with EV certificates
where site-attestation is beneficial.
Further: adding segment-checksum bits at the end would be (I think?)
backwards compatible with existing Prop224 addresses.
-a
--
http://dropsafe.crypticide.com/aboutalecm
_______________________________________________
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
