On 08/09/2015 01:04 AM, Seth David Schoen wrote:
> Jeremy Rand writes:
>
>> It's theoretically possible to use naming systems like Namecoin
>> to specify TLS fingerprints for connections to Tor hidden
>> services, which would eliminate the need for a CA. I'm hoping to
>> have a proof of concept of such functionality soon.
>
> Is there a way to prevent an attacker from simply claiming the
> same identifier in Namecoin before the actual hidden service
> operator does?
>

By "identifier", you mean the .onion name? If so, then yes, there are a few ways this could be done.

One potential method is to have the client look up names by prefix rather than exact match, so that if you have xyz.onion, the client looks up all Namecoin names that *begin* with xyz.onion, and the client will look through them until it finds one whose value includes a signature signed by the .onion key. An attacker could try to spam the namespace with lots of names that have invalid .onion signatures, but given name fees this would be a quite expensive attack and would only slow down the lookup rather than stop it from working.

This functionality (specific to .onion) is not implemented at the moment, but fast prefix lookups are implemented in namecoind in a dev branch (which will hopefully be merged to master soon), so this isn't something that would be incredibly hard to do. If there's specific interest in this kind of functionality, I can inquire into whether we can merge the fast prefix lookups code now -- let me know if you'd like me to do so.

Cheers,
-Jeremy Rand
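
The prefix lookup described in the message above, sketched as an added example (not Namecoin's code and not part of the original message). Assumptions: the record layout, the `/1`-style name suffixes, a signature covering the name plus the TLS fingerprint, and toy textbook-RSA keys standing in for the .onion key; `resolve`, `onion_of` and all sample values are hypothetical.

```python
import base64, hashlib

# Toy textbook-RSA keys built from Mersenne primes (constructed, insecure);
# they stand in for the hidden service key and an attacker's own key.
E = 65537
def toy_key(p, q):
    return p * q, pow(E, -1, (p - 1) * (q - 1))   # (modulus, private exponent)
N, D = toy_key(2**127 - 1, 2**89 - 1)
N_EVIL, D_EVIL = toy_key(2**107 - 1, 2**61 - 1)

def onion_of(n):
    # v2-style address: base32 of the first 80 bits of SHA-1 over the public key
    # (real Tor hashes the DER-encoded key; simplified here).
    h = hashlib.sha1(f"{n:x}:{E:x}".encode()).digest()[:10]
    return base64.b32encode(h).decode().lower() + ".onion"

def digest(name, tls_fp, n):
    d = hashlib.sha256(f"{name}|{tls_fp}".encode()).digest()
    return int.from_bytes(d, "big") % n

def sign(name, tls_fp, n, d):
    return pow(digest(name, tls_fp, n), d, n)

def resolve(onion, namespace):
    """Return (name, tls_fp) for the first name under the prefix signed by the .onion key."""
    for name in sorted(k for k in namespace if k.startswith(onion)):
        rec = namespace[name]
        if onion_of(rec["n"]) != onion:      # key must hash to the address itself
            continue
        if pow(rec["sig"], E, rec["n"]) != digest(name, rec["tls_fp"], rec["n"]):
            continue                         # squatted name: signature does not verify
        return name, rec["tls_fp"]
    return None

ONION = onion_of(N)
def record(name, fp, n, d):
    return {"n": n, "tls_fp": fp, "sig": sign(name, fp, n, d)}
# Constructed namespace: two squatted names ahead of the operator's record.
SAMPLE = {
    ONION: {"n": N, "tls_fp": "EVIL-FP", "sig": 12345},             # real key, forged sig
    ONION + "/1": record(ONION + "/1", "EVIL-FP", N_EVIL, D_EVIL),  # valid sig, wrong key
    ONION + "/2": record(ONION + "/2", "GOOD-FP", N, D),
}
```

Checking that the record's key hashes to the .onion address matters as much as checking the signature: without it, a squatter's record signed by the squatter's own key would be accepted.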