[messaging] Are vanity onion domains a good idea?
Taylor R Campbell
campbell+moderncrypto at mumble.net
Tue Oct 27 06:37:40 PDT 2015
[Quotations reordered to make my replies flow better.]
Date: Tue, 27 Oct 2015 13:45:47 +0100
From: Mike Hearn <mike at plan99.net>
> > The name tor.facebook.com is not self-authenticating, which is the
> > main practically useful function of .onion names.
>
> Well ... but this thread starts by observing that attackers are exploiting
> the fact that Onion names are opaque random strings, meaning people do (at
> best) prefix matches of a few characters.
>
> So isn't the issue that Onion names are *not*, in practice, self
> authenticating?
The issue Philipp raised is that the use of vanity onions encourages
people to do short prefix matching instead of letting a machine handle
it.
Philipp's suggestion was to make vanity onions much more costly in
order to discourage them, so that nobody is even tempted to do short
prefix matching.
I suspect that that will mean only Facebook, Google, and the NSA can
afford to have vanity onions (unless we make it so costly that only
Facebook, Google, and the NSA can afford to have any onions at all).
I think making opaque onions easier to work with is a more fruitful
avenue than making vanity onions harder, hence my suggestion about
bookmarks --
> Chrome already shows visually if a page is bookmarked or not (the star on
> the right hand side). So there's nothing to do there.
Nice. Perhaps it would be worthwhile to do more for onions, e.g. show
a scary broken lock when the user has not explicitly verified it, and
let the user keep personal notes about verification.
(In addition to onions, it would also be nice for the browser to
handle, e.g., Tahoe-LAFS caps similarly. I've been nervous about
putting those into browsers via URIs, unsure of how careful browsers
are about copying them around and storing them in places I wouldn't
store keys.)
> There are not thousands of CAs, even Firefox only trusts a hundred or so
> in total and EV certs are issued by only about 25-30. And Google is forcing
> them into certificate transparency, so if someone did issue a bogus EV
> cert under your name you'd be able to locate it immediately with something
> as basic as a cron job.
There are hundreds of CAs listed in the browser. There are doubtless
thousands of intermediate CAs that are not listed explicitly but can
nevertheless issue certificates for any names. Every now and then we
hear about Comodo or whoever having accidentally authorized some
subsidiary or customer to do so when they didn't mean to.
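As an added illustration of the point argued in this message (not code from the thread or from any Tor Browser component), the following sketch shows what "letting a machine handle it" looks like: a hypothetical bookmark store holds the full onion host names the user has verified, a lookup is only reported as verified on a full-string match, and an address that merely shares a short prefix with a bookmark is flagged as a lookalike. The onion addresses, the bookmark store and the `prefix_len` parameter are all constructed for the example; the 16-character base32 format is the v2 onion format current when this was written, and `expected_attempts` states the brute-force cost that a chosen prefix length implies.

```python
import re
import hmac

# v2 onion host names: 16 base32 characters (a-z, 2-7) followed by ".onion".
ONION_V2 = re.compile(r"^[a-z2-7]{16}\.onion$")

# Hypothetical bookmark store: label -> full onion host name the user verified
# earlier. The address below is constructed and does not belong to any service.
BOOKMARKS = {
    "Example Hidden Service": "exampleaaaaaaaaa.onion",
}


def normalize(addr):
    """Lower-case and strip scheme/path so comparisons run on the bare host."""
    host = addr.strip().lower()
    host = re.sub(r"^[a-z]+://", "", host)
    host = host.split("/", 1)[0]
    if not ONION_V2.match(host):
        raise ValueError("not a v2 .onion host name: %r" % host)
    return host


def classify(addr, bookmarks=BOOKMARKS, prefix_len=6):
    """Return (status, bookmark_label).

    'verified'   only on a full match against a stored bookmark;
    'lookalike'  when just the first prefix_len characters match a bookmark,
                 which is exactly the confusion a vanity-prefix brute force
                 aims for and what a human doing eyeball prefix matching misses;
    'unverified' otherwise, so the UI can show its broken lock.
    """
    host = normalize(addr)
    for label, known in bookmarks.items():
        # Full-length comparison; compare_digest avoids leaking match length.
        if hmac.compare_digest(host, known):
            return ("verified", label)
    for label, known in bookmarks.items():
        if host[:prefix_len] == known[:prefix_len]:
            return ("lookalike", label)
    return ("unverified", None)


def expected_attempts(prefix_len):
    """Expected key generations to hit a chosen base32 prefix of this length:
    each character has 32 possibilities, so 32**prefix_len on average."""
    return 32 ** prefix_len


if __name__ == "__main__":
    for a in ("http://exampleaaaaaaaaa.onion/", "examplebbbbbbbbb.onion",
              "zzzzzzzzzzzzzzzz.onion"):
        print(a, classify(a))
    print("attempts to match a 6-character prefix:", expected_attempts(6))
```

The design point is that the browser stores and compares the whole address, so the user's judgement is only needed once, at the time the bookmark is created; the `lookalike` status exists precisely because the prefix a human would check is cheap for an attacker to reproduce.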