Application of Onion Services

  • Next-generation onion services needed to recommend their wide use
    • weak keys (1024-bit RSA)
    • short names in onion addresses
  • Scalability important to understand and improve to enable wide use
    • Internet of Things could mean millions of devices, will onion services scale to this number?
    • Ephemeral onion services could require a large number of onion services that are fast to set up and access
    • Anonymous distributed systems (e.g. Onion Grid)
  • Internet of Things devices promising application
    • Devices could onion services to provide self-authentication (no Certificate Authorities), NAT punching, and client authentication. Note server anonymity not needed (client anonymity not a major goal either).
    • NetGain could potentially fund this kind of development
    • If anonymity is truly not desired, why does IoT need Tor at all?
  • Onion services difficult to set up currently, making this easier would help adoption
    • Tor could provide authoritative guides to setting up secure onion services, including Tor configuration, OS configuration, server configuration, etc.
    • Make a “Tor Server Bundle” analogous to the Tor Browser Bundle to enable simple, safe setup
      • Docker image, VM?
      • Useful configuration include web server and SSH server
    • Debugging and logging could be made more understandable at the INFO/WARNING levels to help onion-service operators figure with troubleshooting
  • Websites over Tor (aka onionsite access)
    • Potential application to existing websites that can make themselves available as onion services
    • Firefox add-on updates
Last modified 18 months ago Last modified on Sep 30, 2016, 3:50:30 PM