Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tld-00.txt> (The .onion Special-Use Domain Name) to Proposed Standard

Wendy Seltzer <wseltzer@w3.org> Fri, 07 August 2015 14:29 UTC

Message-ID: <55C4C0DA.8070502@w3.org>
Date: Fri, 07 Aug 2015 10:29:46 -0400
From: Wendy Seltzer <wseltzer@w3.org>
Organization: W3C
To: Edward Lewis <edward.lewis@icann.org>, "ietf@ietf.org" <ietf@ietf.org>
Subject: Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tld-00.txt> (The .onion Special-Use Domain Name) to Proposed Standard
References: <20150714192438.1138.96059.idtracker@ietfa.amsl.com> <D1EA295A.DFA3%edward.lewis@icann.org>
In-Reply-To: <D1EA295A.DFA3%edward.lewis@icann.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/l6HMySIxA7r2nVuGgLWc5sKUh38>
Cc: "dnsop@ietf.org" <dnsop@ietf.org>

On 08/07/2015 09:50 AM, Edward Lewis wrote:
> (The last call is still on...)
> 
> I am trying to write another document and wanted to include descriptions
> of ".onion" names.
> 
> I'm seeking authoritative references but am having some trouble doing so.
> This isn't meant to be a replay of my previous comment that the draft
> under discussion is poorly supported by documents - which it is to some
> extent - but I really would like to find reliable references.  The last
> call document is sparse on references, and there's not much from other
> sources I see (Wikipedia.org).

You might find https://spec.torproject.org/ helpful as a listing of
various tor specs and design documents, if you prefer that to a git
repository.

While Tor has not necessarily used IETF conventions, the project has
long been committed to public documentation of its design and protocol
choices. Tor distinguishes between "proposals," not yet implemented, and
specs.[1]

--Wendy
[1] https://gitweb.torproject.org/torspec.git/tree/

> 
> I've come across: 
> "https://gitweb.torproject.org/torspec.git/tree/address-spec.txt"
> named "Special Hostnames in Tor" by "Nick Mathewson".  This document lacks
> any mention of how to contact the author with questions, nor any
> information regarding the status of the document.  It describes ".exit",
> ".onion" and ".noconnect".  The latter is said to be obsoleted.  ".Exit"
> is defined in a way that includes a "hostname" which, from the examples, I
> assume is the term defined in RFC 1123 (and thus a DNS name).  ".Onion"
> refers to "rend-spec.txt" without any qualification but I was able to
> track that document down.
> 
> The definition of a .onion name is "the digest is the first eighty bits of
> a SHA1 hash of the identity key for a hidden service, encoded in base32."
> I'd heard that Onion names would be too long for DNS domain names, but I
> don't see that from the definition given here.  My concern is that "I hear"
> different stories in email than I read in documents.
> 
> Accessing "https://gitweb.torproject.org/torspec.git/tree/rend-spec.txt" I
> see a document called "Tor Rendezvous Specification" with no editor/author
> credited as well as no indication of where to send questions.  It does
> invoke "RFC 2119" but does not identify that as the IETF produced document
> commonly referred to as RFC 2119 "Key words for use in RFCs to Indicate
> Requirement Levels".
> 
> According to that document, onion names (or perhaps "valid onion
> addresses" are something else) "contain 16 characters in a-z2-7 plus
> '.onion'".  Again, that doesn't mesh with the story that names are too
> long.
> 
> This may be an off-shoot, but it appears that the onion names are wedded
> to RSA and SHA-1.  This is fine, but makes me wonder about future
> stability of the protocol and hence the designation of .onion as special
> purpose, if there's ever a need to change cryptographic parameters.  I am
> mentioning this as someone not well steeped in cryptography but as someone
> exercising cryptographic algorithm agility in DNSSEC operations.
> 
> I would like to avoid trolling against the effort to reserve onion.  But
> in the effort to document other elements of name spaces, I'm having
> difficulty locating a definition of onion names and this difficulty worries
> me when it comes to registering a name as special use (without a "why").
> 
> If someone can point me to a definition of how Tor treats and writes names
> "ending with .onion", I would appreciate the reference.
> 


-- 
Wendy Seltzer -- wseltzer@w3.org
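The derivation quoted in the thread (first 80 bits of a SHA-1 hash of the hidden service identity key, base32-encoded, giving 16 characters of a-z2-7 plus ".onion") and the "too long for DNS" question, worked as an added example that is not from either poster. The identity key bytes are constructed, and which serialization of the key Tor actually hashes is an assumption not stated in the quoted text.

```python
import base64
import hashlib
import re

# Constructed sample standing in for a hidden service's serialized RSA identity key.
# The quoted spec text names "the identity key" as the hash input; the exact
# serialization Tor feeds to SHA-1 is assumed here, not taken from the thread.
SAMPLE_IDENTITY_KEY = b"constructed-sample-identity-key-bytes-not-a-real-tor-key"

# rend-spec rule as quoted: 16 characters in a-z2-7, then ".onion".
ONION_RE = re.compile(r"^[a-z2-7]{16}\.onion$")


def onion_digest(identity_key: bytes) -> str:
    """First eighty bits of SHA-1 over the key, base32 encoded (address-spec text)."""
    digest = hashlib.sha1(identity_key).digest()[:10]  # 10 bytes == 80 bits
    # 80 bits is exactly 16 base32 symbols, so no '=' padding is produced;
    # Tor writes the label in lowercase.
    return base64.b32encode(digest).decode("ascii").lower()


def onion_name(identity_key: bytes) -> str:
    """Full special-use name: <16-char digest>.onion"""
    return onion_digest(identity_key) + ".onion"


def is_valid_onion_name(name: str) -> bool:
    """Syntactic check against the quoted rule (16 chars of a-z2-7 plus '.onion')."""
    return ONION_RE.match(name) is not None


def fits_dns_limits(name: str) -> bool:
    """RFC 1035 limits: each label at most 63 octets, presentation form at most 253."""
    labels = name.split(".")
    return all(0 < len(label) <= 63 for label in labels) and len(name) <= 253


if __name__ == "__main__":
    name = onion_name(SAMPLE_IDENTITY_KEY)
    print(name, len(name), is_valid_onion_name(name), fits_dns_limits(name))
```

For the format as quoted, every name is exactly 22 characters and one 16-octet label, so the length concern raised in the thread does not arise from this definition.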