Tor Weekly News — October 31st, 2015
Welcome to the thirty-seventh issue in 2015 of Tor Weekly News, the weekly newsletter that covers what’s happening in the Tor community.
IETF reserves .onion as a Special-Use Domain Name
Several years of effort by Tor Project members and contributors bore fruit this week when the Internet Engineering Task Force, which develops and promotes voluntary standards for Internet technologies, recognized the .onion suffix as a special-use domain name.
As Jacob Appelbaum, who led the charge along with Facebook security engineer Alec Muffett, explained: “IETF name reservations are part of a lesser known process that ensures a registered Special-Use Domain Name will not become a Top Level Domain (TLD) to be sold by the Internet Corporation For Assigned Names and Numbers (ICANN).” In other words, it will not be possible for domain registrars to sell web addresses ending in .onion; if it were, it would create problems for Tor’s hidden service system, which uses that suffix to allow users to run anonymous and censorship-resistant web services accessible via the Tor Browser.
Another benefit of the name reservation is that it will now be possible to buy Extended Validation (EV) SSL certificates for .onion domains, a system which Facebook has trialled on its own popular hidden service.
“We think that this is a small and important landmark in the movement to build privacy into the structure of the Internet”, wrote Jacob. Congratulations to all those who spent time drafting this proposal and advocating for its adoption.
Tor proposal updates
Tor’s body of development proposals, documents that plan for improvements and changes in Tor’s software ecosystem, has seen some additions, updates, and reviews over the past week.
Nick Mathewson published proposal 256, which examines methods for revoking the long-lived public keys used by Tor relays and directory authorities in the event that they are compromised, or the operator believes there is a significant possibility that they have been compromised. Andrea Shepard wrote proposal 258, explaining how directory authorities could mitigate the risk of denial-of-service (DoS) attacks by classifying the types of directory requests they receive and setting thresholds for each. Nick and Andrea together published proposal 257, which identifies the different functions performed by directory authorities and examines how the risk of DoS attacks could be reduced by “isolating the security-critical, high-resource, and availability-critical pieces of our directory infrastructure from one another”.
George Kadianakis published a review of all the open proposals relevant to next-generation hidden services, giving a summary of each one along with its current status, “so that researchers and developers have easier access to them”.
Proposal 250, which specifies how directory authorities can come up with a shared random value every day, and which George describes as “a prerequisite” for all other work on next-gen hidden services, was itself updated to reflect changes in the implementation, which is almost finished, as David Goulet explained. Finally, Tim Wilson-Brown (teor) published a revised version of the as-yet unnumbered proposal for “rendezvous single onion services”, “an alternative design for single onion services, which trade service-side location privacy for improved performance, reliability, and scalability”.
If you have any comments on these or other Tor proposals, feel free to post your thoughts to the tor-dev mailing list.
The Tor BSD Diversity Project, “an effort to extend the use of the BSD Unixes into the Tor ecosystem, from the desktop to the network”, announced the release of an OpenBSD port of Tor Browser 5.0.3, its sixth Tor Browser release for BSD systems. See attila’s announcement for download instructions, as well as a report on the TDP’s other development and advocacy activities.
Tor’s Metrics team, “a group of Tor people who care about measuring and analyzing things in the public Tor network”, now has its own public mailing list and wiki page, as Karsten Loesing announced. There is a simple step to complete before you can post freely to the list, but anyone interested in “measurements and analysis” is welcome to listen in on discussions, and to check the team’s roadmap and workflow on the wiki page.
“In an attempt to make Pluggable Transports more accessible to other people, and to have a spec that is more applicable and useful to other projects that seek to use Pluggable Transports for circumvention”, Yawning Angel drafted a rewrite of the pluggable transports spec document. No behavior changes are specified in this rewrite, but “unless people have serious objections, this will replace the existing PT spec, to serve as a stop-gap while the next revision of the PT spec (that does alter behavior) is being drafted/implemented”.
Simone Bassano published a report on the OONI hackathon that took place in Rome at the start of October. A working beta version of MeasurementKit and progress on NetworkMeter, as well as ways to make use of censorship data, were among the outcomes.
This issue of Tor Weekly News has been assembled by Harmony.
Want to continue reading TWN? Please help us create this newsletter. We still need more volunteers to watch the Tor community and report important news. Please see the project page, write down your name and subscribe to the team mailing list if you want to get involved!