
Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tld-00.txt> (The .onion Special-Use Domain Name) to Proposed Standard

2015-08-07 10:30:12
(The last call is still on...)

I am trying to write another document and wanted to include descriptions
of ".onion" names.

I'm seeking authoritative references but am having some trouble doing so.
This isn't meant to be a replay of my previous comment that the draft
under discussion is poorly supported by documents - which it is to some
extent - but I really would like to find reliable references.  The last
call document is sparse on references, and there's not much from other
sources I see (Wikipedia.org).

I've come across: 
"https://gitweb.torproject.org/torspec.git/tree/address-spec.txt"
named "Special Hostnames in Tor" by "Nick Mathewson".  This document lacks
any mention of how to contact the author with questions, nor any
information regarding the status of the document.  It describes ".exit",
".onion" and ".noconnect".  The latter is said to be obsoleted.  ".Exit"
is defined in a way that includes a "hostname" which, from the examples, I
assume is the term defined in RFC 1123 (and thus a DNS name).  ".Onion"
refers to "rend-spec.txt" without any qualification but I was able to
track that document down.

The definition of a .onion name is "the digest is the first eighty bits of
a SHA1 hash of the identity key for a hidden service, encoded in base32."
I'd heard that Onion names would
be too long for DNS domain names, but I don't see that from the definition
given here.  My concern is that "I hear" different stories in email than I
read in documents.

Accessing "https://gitweb.torproject.org/torspec.git/tree/rend-spec.txt" I
see a document called "Tor Rendezvous Specification" with no editor/author
credited as well as no indication of where to send questions.  It does
invoke "RFC 2119" but does not identify that as the IETF produced document
commonly referred to as RFC 2119 "Key words for use in RFCs to Indicate
Requirement Levels".

According to that document, onion names (or perhaps "valid onion
addresses" are something else) "contain 16 characters in a-z2-7 plus
'.onion'".  Again, that doesn't mesh with the story that names are too
long.

This may be an off-shoot, but it appears that the onion names are wedded
to RSA and SHA-1.  This is fine, but makes me wonder about future
stability of the protocol and hence the designation of .onion as special
purpose, if there's ever a need to change cryptographic parameters.  I am
mentioning this as someone not well steeped in cryptography but as someone
exercising cryptographic algorithm agility in DNSSEC operations.

I would like to avoid trolling against the effort to reserve onion.  But
in the effort to document other elements of name spaces, I'm having
difficulty locating definition of onion names and this difficulty worries
me when it comes to registering a name as special use (without a "why").

If someone can point me to a definition of how Tor treats and writes names
"ending with .onion", I would appreciate the reference.

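The two definitions quoted in the message above ("the first eighty bits of a SHA1 hash of the identity key ... encoded in base32" and "16 characters in a-z2-7 plus '.onion'") are the same rule seen from two sides, and the following added example (not part of the original mail, the Tor specifications, or any Tor code) makes that concrete: 80 bits is exactly 16 base32 symbols, so such a name is a 16-octet label well inside the 63-octet DNS label limit. The sample key bytes are constructed placeholders, not a real identity key; the example assumes the identity key is supplied as the DER-encoded public key bytes, and that comparison is case-insensitive with an optional trailing dot, which is how the regular expression below is written.

```python
import base64
import hashlib
import re

# Constructed sample "identity key" bytes: NOT a real Tor key, just deterministic
# input so the example runs offline. Assumption: a real key would be the DER
# encoding of the hidden service's RSA public key, as the quoted spec text implies.
SAMPLE_IDENTITY_KEY_DER = bytes(range(0x30, 0x30 + 140))

# The quoted rule: 16 characters from a-z2-7, then ".onion" (trailing dot allowed here).
V2_ONION_RE = re.compile(r"^([a-z2-7]{16})\.onion\.?$")


def digest_prefix(identity_key_der: bytes) -> bytes:
    """First eighty bits (10 bytes) of SHA-1 over the identity key, per the quoted text."""
    return hashlib.sha1(identity_key_der).digest()[:10]


def onion_address_from_key(identity_key_der: bytes) -> str:
    """Base32-encode the 80-bit digest and append '.onion'.

    80 bits / 5 bits per base32 symbol = exactly 16 symbols, so no '=' padding
    appears and the label is always 16 octets long.
    """
    label = base64.b32encode(digest_prefix(identity_key_der)).decode("ascii").lower()
    assert len(label) == 16 and "=" not in label
    return label + ".onion"


def is_valid_v2_onion(name: str) -> bool:
    """Syntax check for the quoted rule (assumption: case-insensitive, optional FQDN dot)."""
    return V2_ONION_RE.match(name.lower()) is not None


def decode_onion(name: str) -> bytes:
    """Recover the 10-byte digest from a syntactically valid v2 address."""
    m = V2_ONION_RE.match(name.lower())
    if m is None:
        raise ValueError("not a v2 .onion name")
    # 16 base32 symbols decode to 10 bytes with no padding required.
    return base64.b32decode(m.group(1).upper())


def fits_dns_name_limits(name: str) -> bool:
    """RFC 1035 limits: each label at most 63 octets, whole name at most 253 characters in text form."""
    stripped = name.rstrip(".")
    labels = stripped.split(".")
    return all(0 < len(label) <= 63 for label in labels) and len(stripped) <= 253


if __name__ == "__main__":
    addr = onion_address_from_key(SAMPLE_IDENTITY_KEY_DER)
    print(addr, is_valid_v2_onion(addr), fits_dns_name_limits(addr))
```

The round trip `decode_onion(onion_address_from_key(key)) == digest_prefix(key)` is the useful check: it shows that a .onion name carries only a truncated hash of the key, so the name itself cannot be verified without the key it was derived from, which is the property that makes the label self-authenticating only inside the Tor protocol and meaningless to the DNS.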
