Opened 3 years ago

Closed 12 months ago

#15622 closed enhancement (wontfix)

Allow hyphens in hidden service names?

Reported by: arma Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Normal Keywords: needs-proposal
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

https://blog.torproject.org/blog/crowdfunding-future-hidden-services#comment-91980
makes an interesting suggestion:

It would also be nice, if we lengthen the service addresses to accomodate
more security, to allow hyphens or some other divider character in the name
that will be ignored. This would allow names to be more memorable, even in
their current form. These characters should probably be stripped off in the
TBB from any Host: headers, at least, to resist using them as a client
fingerprinting side-channel. There is precendent for this sort of thing:
gmail ignores periods (.) in the "username" portion of its email addresses.

I bet there are complications that we haven't thought of -- the different versions of the Host: header is an interesting fingerprint, and similarly I would worry about different versions of the same name being handled differently by some caches, Tor's mapaddress to virtual addresses, etc.

Also, if we indeed make hidden service names much longer, then the Shallot approaches will be much less effective at making them mostly memorable.

But I figured we should have an actual ticket where we make some decisions, rather than letting it get lost as an old blog comment.

Child Tickets

Change History (11)

comment:1 Changed 3 years ago by Sebastian

Why is this 0.2.7-final?

Seems like a hack with dubious benefits to me that's unlikely to gain us much with the new hidden service design.

comment:2 in reply to:  1 Changed 3 years ago by arma

Replying to Sebastian:

Why is this 0.2.7-final?

So our discussion will include choosing a milestone for it. I could have put it in ??? but then it would have likely been triaged out of discussion.

Seems like a hack with dubious benefits to me that's unlikely to gain us much with the new hidden service design.

Another angle to that might be: we really need to solve the memorable name side with petnames or with namecoin or with some solution, but trying to make the secure version of the name be memorable is a losing goal.

comment:3 Changed 3 years ago by nickm

Keywords: 027-triaged-1-out needs-proposal added
Milestone: Tor: 0.2.7.x-finalTor: 0.2.???

I think this is out for 0.2.7; it would fit well with prop224 if we decide to it that though.

comment:4 Changed 3 years ago by kernelcorn

OnioNS should allow hyphens in its memorable names for HSs, which should solve this usability problem. I don't agree that Tor needs to change its syntax here. While it does provide some defense against spoofing attacks, I don't see it being worth the hack.

comment:5 Changed 20 months ago by teor

Milestone: Tor: 0.2.???Tor: 0.3.???

Milestone renamed

comment:6 Changed 19 months ago by nickm

Keywords: tor-03-unspecified-201612 added
Milestone: Tor: 0.3.???Tor: unspecified

Finally admitting that 0.3.??? was a euphemism for Tor: unspecified all along.

comment:7 Changed 13 months ago by nickm

Keywords: tor-03-unspecified-201612 removed

Remove an old triaging keyword.

comment:8 Changed 13 months ago by nickm

Keywords: 027-triaged-in added

comment:9 Changed 13 months ago by nickm

Keywords: 027-triaged-in removed

comment:10 Changed 13 months ago by nickm

Keywords: 027-triaged-1-out removed

comment:11 Changed 12 months ago by nickm

Resolution: wontfix
Severity: Normal
Status: newclosed
Note: See TracTickets for help on using tickets.