[messaging] Are vanity onion domains a good idea?

Taylor R Campbell campbell+moderncrypto at mumble.net
Mon Oct 26 16:52:29 PDT 2015


   Date: Mon, 26 Oct 2015 17:26:25 +0100
   From: Mike Hearn <mike at plan99.net>

   Two simple fixes for the case of non-anonymous services:

   1) Don't use onion addresses. For non-anonymous services it's just being
   used as a hack around the difficulty of reliably identifying Tor
   connections. Otherwise you could just tell users to browse to
   tor.facebook.com and then the server would give an error page if you
   weren't coming from an exit. It'd be faster too.

The name tor.facebook.com is not self-authenticating, which is the
main practically useful function of .onion names.

   2) Use an EV certificate so the browser shows the true name of the service
   in the address bar. Chrome will show it in green next to the address,
   Safari will actually show the organisation name instead of the URL, thus
   solving the issue completely.

Facebook can afford an EV certificate.  I can't -- and much of my
motivation for using self-authenticating names is to avoid relying on
the thousands of independent single points of failure that make up the
HTTPS CA racket.  (Facebook can also afford to ask Google to do
certificate pinning in Chromium for facebookcorewwwi.onion, in order
to sidestep thousands of points of failure, but again, I can't.)

For decades browsers have been able to record for us hard-to-remember
strings of letters and symbols for future reference, namely bookmarks.
Perhaps browsers should not only let us invoke bookmarks, but also
visually distinguish whether the we are looking at a bookmarked .onion
or not.


More information about the Messaging mailing list