Re: [tor-dev] Support for full DNS resolution and DNSSEC validation

Alexander Færøy: > Hey, > > On 2020/05/15 16:36, Jeremy Rand wrote: >> The Prop279 spec text is ambiguous about whether the target is required >> to be a .onion domain, but the implementations (TorNS and StemNS) do not >> have that restriction. TorNS and StemN

Re: [tor-dev] Support for full DNS resolution and DNSSEC validation

Alexander Færøy: > Hey Jeremy, > > On 2020/05/15 15:53, Jeremy Rand wrote: >> FYI I already wrote a Prop279 provider that looks up the names via DNS >> (it's aptly named "dns-prop279"); it does pretty much exactly what you >> describe. It doesn't h

Re: [tor-dev] Support for full DNS resolution and DNSSEC validation

though I've never tried testing that feature. I originally wrote dns-prop279 for Namecoin purposes, but I see no reason it couldn't be used to achieve DNSSEC support in Tor. If there's interest in pursuing this, let me know, I'm happy to contribute. Code is at https://github.

Re: [tor-dev] Exposing onion service errors to Tor Browser

eady has access to. The security properties of onion services can't be changed by this -- if they could be, then this would be security by obscurity, which is a scam that the Tor devs (and any other legitimate software developers) don't engage in. Cheers, -- -Jeremy Rand Lead Application En

Re: [tor-dev] Exposing onion service errors to Tor Browser

#x27;s important to prepare for in advance?), but I figured it's worth at least getting it onto your radar. Cheers, -- -Jeremy Rand Lead Application Engineer at Namecoin Mobile email: jeremyrandmob...@airmail.cc Mobile OpenPGP: 2158 0643 C13B B40F B0FD 5854 B007 A32D AB44 3D9C Send non-securi

Re: [tor-dev] Timing of opening pre-emptive circuits?

nks for the references! > If this thread model is interesting to you or your project(s), you can > take Paul's ideas from [2] and write a patch. It is also going to need a > proposal before it will be merged into Tor but at least there will be > some action ;) At this time it's un

[tor-dev] Timing of opening pre-emptive circuits?

t but haven't gotten to it yet") for the lack of mitigation? Cheers, - -- - -Jeremy Rand Lead Application Engineer at Namecoin Mobile email: jeremyrandmob...@airmail.cc Mobile OpenPGP: 2158 0643 C13B B40F B0FD 5854 B007 A32D AB44 3D9C Send non-security-critical things to my Mobile with O

Re: [tor-dev] Per-peer stream isolation for Bitcoin clients

motivation for my inquiry was to determine if I should be submitting patches to those clients to make them mimic what Bitcoin Core does). Using a torrc setting would probably provide some useful defense-in-depth in case a Bitcoin client isn't doing stream isolation on its own. Cheers, - --

[tor-dev] Per-peer stream isolation for Bitcoin clients

I am CC'ing Patrick from Whonix in case he wants to weigh in.) Cheers, - -- - -Jeremy Rand Lead Application Engineer at Namecoin Mobile email: jeremyrandmob...@airmail.cc Mobile OpenPGP: 2158 0643 C13B B40F B0FD 5854 B007 A32D AB44 3D9C Send non-security-critical things to my Mobile with OpenPGP. Please

Re: [tor-dev] Tor Messenger

he still-developed project Ricochet; Tor Messenger is an Instantbird fork (similar to how Tor Browser is a Firefox fork). (I don't have any answer to your actual question, which I guess is about TorChat, hopefully someone else will chime in on that.) Cheers, - -- - -Jeremy Rand Lead Applicat

[tor-dev] Namecoin resolution for Tor Prop279

k. Cheers, - -- - -Jeremy Rand Lead Application Engineer at Namecoin Mobile email: jeremyrandmob...@airmail.cc Mobile OpenPGP: 2158 0643 C13B B40F B0FD 5854 B007 A32D AB44 3D9C Send non-security-critical things to my Mobile with OpenPGP. Please don't send me unencrypted messages. My bus

Re: [tor-dev] Names for your onions

tedly the documentation is pretty weak at the moment (and it hasn't gotten much testing), but maybe you'll find it interesting. Feel free to play around with the code and/or ask questions and/or submit bug reports/patches. Cheers, - -- - -Jeremy Rand Lead Application Engineer at Namecoi

Re: [tor-dev] Prop279 and DNS

uses DNS to talk to Namecoin software, but the difficulty of doing stream isolation properly with DNS and the rather large set of DNS features that have no relevance to many Prop279 providers suggest that it's unwise to force that coupling. Cheers, - -- - -Jeremy Rand Lead Application Enginee

Re: [tor-dev] Prop279 and DNS

would also be useful for OnioNS and GNS, but I guess that it would be beneficial for DNSSEC. Anyway, I don't have a strong view on whether using DNS as the abstraction protocol is the right choice -- but it's good to have the discussion, I think. Cheers! -- -Jeremy Rand Lead Appli

[tor-dev] Experimental Namecoin naming for Tor

things to your Tor instance (and I make no guarantees that it's properly sanitizing the input that's passed to Tor's control port). Huge thanks to Jesse for OnioNS (on which this code is based), and also thanks to Nick for sharing helpful info on this mailing list. Let me know ho

Re: [tor-dev] Prop279 and DNS

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Jesse V: > On 04/03/2017 05:01 PM, Jeremy Rand wrote: >> Maybe this topic has already been brought up, but in case it >> hasn't, I'll do so. I notice that Prop279 (onion naming API) >> defines its own API rather tha

Re: [tor-dev] GSoC: Support all kinds of DNS queries

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Daniel Achleitner: > On 2017-04-02 05:22, Jeremy Rand wrote: >> (Thinking out loud.) It would be interesting to have some kind >> of algorithm agility here. For example, a Tor client could send >> a request for a Namecoin doma

Re: [tor-dev] Comments on proposal 279 (Name API)

damage this can do in practice, but caution is warranted in the absence of evidence. Maybe looking up a few junk names immediately after initial boot would be sufficient to fix this. > We should probably add a security notes section for how to write > plugins that aren't dangerous: a

[tor-dev] Prop279 and DNS

e there would be complexity in implementing stream isolation?). Anyway, just figured I'd bring up the topic so that everyone's on the same page regarding figuring out whether it's a good idea. Cheers, - -- - -Jeremy Rand Lead Application Engineer at Namecoin Mobile email: jeremyrandmob.

Re: [tor-dev] GSoC: Support all kinds of DNS queries

mecoin domain name, and the exit relay would return a Namecoin merkle proof in the same way that it would return a DNSSEC signature if were a DNS doman name. Cheers, - -- - -Jeremy Rand Lead Application Engineer at Namecoin Mobile email: jeremyrandmob...@airmail.cc Mobile PGP: 2158 0643 C13B B40

Re: [tor-dev] Rethinking Bad Exit Defences: Highlighting insecure and sensitive content in Tor Browser

string that looks like a .onion URL or a Bitcoin address, even if they're not links. Cheers, - -- - -Jeremy Rand Lead Application Engineer at Namecoin Mobile email: jeremyrandmob...@airmail.cc Mobile PGP: 2158 0643 C13B B40F B0FD 5854 B007 A32D AB44 3D9C Send non-security-critical things to my M

Re: [tor-dev] [RFC] Proposal for the encoding of prop224 onion addresses

Aaron Swartz made some compelling arguments that Greg Maxwell's proof of impossibility of decentralized consensus algorithms also applies to Zooko's Triangle.) Cheers, -Jeremy Rand signature.asc Description: OpenPGP digital signature ___ tor-d

Re: [tor-dev] Proposal 274: A Name System API for Tor Onion Services

teor: > >> On 12 Oct 2016, at 09:29, Jesse V wrote: >> >> On 10/11/2016 12:53 AM, Jeremy Rand wrote: >>> It's also worth noting that it's been hard enough to get IETF to accept >>> .bit (that effort stalled) -- adding a bunch of other TLD&#

Re: [tor-dev] Scheduling future Tor proposal reading groups

George Kadianakis: > Hello people, > > in the beginning of 2016 we started organizing little-t-tor proposal > reading groups in IRC, where we would discuss the current status of Tor > proposals and coordinate on how to move them forward. You can see a list > of previous such meetings here: >

Re: [tor-dev] Proposal 274: A Name System API for Tor Onion Services

Jesse V: > On 10/08/2016 08:50 AM, 61wxg...@vfemail.net wrote: >> How about specifying whether the Namecoin domain should point to .onion >> or clearnet in the domain? We can require that TLDs for such service >> must end in either: >> >> o o: The name points to a .onion name. >> >> o i: The name

Re: [tor-dev] Proposal 274: A Name System API for Tor Onion Services

i9nvr...@tutanota.com: > Hi, > > Why run a separate process instead of using unix socket or TCP socket? > >> Since a Namecoin domain can point to IP addresses and ICANN-based DNS >> names in addition to onion service names, and a Namecoin domain owner >> might wish to switch between these configu

Re: [tor-dev] Proposal 274: A Name System API for Tor Onion Services

David Fifield: > So here, the browser thinks it is connecting to debian.zkey (the URL bar > says "debian.zkey"). But Tor is really connecting to sejnfjrq6szgca7v.onion > in the background. What name does the browser put in its Host header? It > can't be the onion name, because there's no feedback f

Re: [tor-dev] Proposal 274: A Name System API for Tor Onion Services

ra TCP port listening on the onion service, an HTTP header sent by the onion service, or some other mechanism is an open question. A.2 > g) Namecoin/Blockstart I'm not sure what Blockstart is; is that intended to be Blockstack? Cheers, -Jeremy Rand (Lead Application Engineer at Namecoin)

Re: [tor-dev] Proposal 273: Exit relay pinning for web services

Philipp Winter: > The proposal is in draft state. We have several open questions that we > are still wrestling with in Section 2.6. Any feedback is greatly > appreciated. You can track the evolution of our proposal online: > Hi Philipp, It might

Re: [tor-dev] Naming Systems wiki page

Jesse V: > On 09/27/2016 10:05 AM, Jeremy Rand wrote: >> Namecoin also can be used for name-level load balancing, although I >> haven't really carefully considered the anonymity effects of the load >> balancing (e.g. does it open the risk of fingerprinting?), so that &g

Re: [tor-dev] Naming Systems wiki page

Jesse V: > On 09/27/2016 02:27 AM, Jeremy Rand wrote: >> Hello! I just had a chance to look through the latest state of the wiki >> page (thanks to everyone who's been expanding it). I've added several >> items to the security properties and drawbacks sections

Re: [tor-dev] Naming Systems wiki page

Jesse V: > On 09/27/2016 02:39 AM, Jeremy Rand wrote: >> Relatedly -- I had some trouble summarizing some of the items in the >> Namecoin section because the security, privacy, and scalability >> properties of Namecoin are somewhat different depending on whether the >>

Re: [tor-dev] Naming Systems wiki page

Jeremy Rand: > George Kadianakis: >> >> I made a wiki page for Naming Systems here: >> https://trac.torproject.org/projects/tor/wiki/doc/OnionServiceNamingSystems >> >> Feel free to start adding information and links and make it look nicer. >> >>

[tor-dev] Naming Systems wiki page

George Kadianakis: > > I made a wiki page for Naming Systems here: > https://trac.torproject.org/projects/tor/wiki/doc/OnionServiceNamingSystems > > Feel free to start adding information and links and make it look nicer. > > Let's try to build a good knowledge base that will help us take info

Re: [tor-dev] prop224: Ditching key blinding for shorter onion addresses

fficial. > > We really need to start serious work in this area ASAP! Maybe let's start by > making a wiki page that lists the various potential solutions (GNS, Namecoin, > Blockstack, OnioNS, etc.)? I'd be happy to provide feedback on the Namecoin section of such a w

Re: [tor-dev] How to integrate an external name resolver into Tor

Hmm, this message that I sent 2 days ago doesn't seem to have come through. Apologies if anyone receives it more than once. wire...@sigaint.org: > Blockchain addressing has some serious issues that will stand in the way > of wide adoption. > > The need for payment already makes this out of reach

Re: [tor-dev] Onioncat and Prop224

grarpamp: > Hi Jeremy. Hey grarpamp, Sorry for the delayed reply. > In regard your post 'Tor and Namecoin' here... > https://lists.torproject.org/pipermail/tor-dev/2016-July/011245.html > > In this thread prefixed 'Onioncat and Prop224' started and > spanning from here through now... > https://

Re: [tor-dev] How to integrate an external name resolver into Tor

Nick Mathewson: > On Tue, Aug 2, 2016 at 5:10 PM, Jeremy Rand wrote: >> Nick Mathewson: >>> Hi, all! >>> >>> I've seen a couple of emails from people looking into new ways to do >>> naming for onion services. That's great! Before anybody ge

Re: [tor-dev] Tor and Namecoin

Yaron Goland: > I'm also a noob, so just to be clear, is the goal here to adopt namecoin as a > naming mechanism for hidden services or is the goal to enable a generic > extension mechanism where multiple different naming solutions can be > experimented with and namecoin wants to build the code

Re: [tor-dev] How to integrate an external name resolver into Tor

Nick Mathewson: > Hi, all! > > I've seen a couple of emails from people looking into new ways to do > naming for onion services. That's great! Before anybody gets too > far, I'd like to send this quick note to let you know that integrating > stuff like this into Tor is actually easier than you t

Re: [tor-dev] Tor and Namecoin

George Kadianakis: > > Hello Jeremy, Hi George, thanks for the reply. > I'm a big noob when it comes to blockchains, namecoin, SPV clients and such, > so > I'm mainly going to focus on how to integrate this with Tor. I know this isn't necessarily needed given that this would start out as an op

[tor-dev] Tor and Namecoin

is really good with reproducible builds (you probably know him since he's the author of the Debian guest support in Gitian), so I'm reasonably confident that a way to do it can be found. I'd love to hear feedback on all of this. Cheers, -Jeremy Rand Lead Application Engineer of Name

[tor-dev] Go version in Gitian descriptors

no one tried it? Cheers, - -Jeremy Rand -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJWifxjAAoJEAHN/EbZ1y0686cP/3kdRz3va8dZ056j4x9k+sd7 XJsfsj9eWJ/tPxdpppPsBIoseTVNrPSCOB/cJ/bc0Xl75KGQkHFsmGusnUp6kg9L bwJK8wcNoO+s5EjjiY/Rk39UQTNJ3YKOaanvUnGXolYy4LtgU

Re: [tor-dev] Special-use-TLD support

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 09/29/2015 07:39 AM, Jeff Burdges wrote: > On Tue, 2015-09-29 at 00:59 +0000, Jeremy Rand wrote: > >> The issue I do see is that SPV validation doesn't work well >> unless you ask multiple peers to make sure that you'

Re: [tor-dev] Special-use-TLD support

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 09/28/2015 01:34 PM, Jeff Burdges wrote: > On Sun, 2015-09-27 at 22:31 +0000, Jeremy Rand wrote: >> >> Hi Jeff, >> >> Thanks for working on this; Namecoin is definitely interested in >> this effort. I have

Re: [tor-dev] Special-use-TLD support

GNU Name System to know how this issue affects it, if at all. Thoughts on this? Also, trivial spelling nitpick: "Namecoin" is typically spelled with a lowercase "c", like "Bitcoin". Thanks again for working on this! Cheers, - -Jeremy Rand -BEGIN PGP SIGNATUR

Re: [tor-dev] Reproducibility of Pluggable Transports python.msi

tor-browser-bundle.git/tree/gitia n/descriptors/windows/gitian-pluggable-transports.yml A number of Go projects are built in that Gitian script. It looks pretty straightforward. (I haven't tested that Gitian script for determinism, but I assume that Tor wouldn't be using it if it weren't

Re: [tor-dev] Reproducibility of Pluggable Transports python.msi

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 09/09/2015 06:43 PM, Brandon Wiley wrote: > Another option here, besides getting python to build in gitian is > to phase out support for python-based pluggable transports. It's > something to consider at least. Which transports are still only > av

Re: [tor-dev] Reproducibility of Pluggable Transports python.msi

ng Python), but maybe they'll learn something from your notes, and maybe they'll be able to move things forward. Cheers, - -Jeremy Rand -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJV7OrfAAoJEAHN/EbZ1y06MgsP/ji+pb+yq5s4JgSxErv4ChRh VXhhtmtTG4bP4IaGq0FPRcBDh6wPMQJaXxWJ

[tor-dev] Reproducibility of Pluggable Transports python.msi

d just still on the to-do list? I don't see any relevant ticket on Trac. Thanks, - -Jeremy Rand -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJV7Mt1AAoJEAHN/EbZ1y06nL8QAM4qhFMupoippBIvI4JwlLZ6 Vf4wNWA2/IY+62DQ4hpkPRPX/vT48lJIJnPXUxQ427ru

Re: [tor-dev] Future Onion Addresses and Human Factors

nk you will find that a number of users are unlikely to exclusively use bookmarks and not use web links. Hyperlinks are an incredibly useful feature which many users are not going to throw out. From what I can tell, your argument makes certain assumptions. Making other assumptions changes the resul

Re: [tor-dev] Future Onion Addresses and Human Factors

a .onion name changes. So this isn't really a clear win for .onion -- it's a tradeoff, and which is more "secure" depends on which end users we're talking about, and what threat model we're dealing with. There are probably a significant number of cases where Namecoin (o

Re: [tor-dev] Dumb or-ctl-filter tricks (Was: [tor-talk] SOCKS proxy to sit between user and Tor?)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 06/03/2015 04:07 PM, Yawning Angel wrote: > Hello, > > I just pushed a fairly large update to or-ctl-filter, that lets you > do lots of interesting things, most of them probably unsafe. In > particular or-ctl-filter now ships with a SOCKS5 clie

Re: [tor-dev] Namecoin .onion to .bit linking

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 05/20/2015 04:36 AM, Fabio Pietrosanti (naif) - lists wrote: > > > On 5/19/15 4:43 PM, Jeremy Rand wrote: >> Hello Tor-Dev, >> >> One of the criticisms of Namecoin which seems to be raised >> sometimes is

Re: [tor-dev] Namecoin .onion to .bit linking

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 05/19/2015 03:31 PM, OnioNS Dev wrote: > > >> On 05/19/2015 10:02 AM, Daniel Martí wrote: >>> I'm not familiar with Namecoin, but I thought I'd just point >>> out that someone will be working on OnioNS, the onion name >>> system, as part of the

Re: [tor-dev] Namecoin .onion to .bit linking

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 05/19/2015 10:02 AM, Daniel Martí wrote: > I'm not familiar with Namecoin, but I thought I'd just point out > that someone will be working on OnioNS, the onion name system, as > part of the SoP in Tor. The person who will be working on it just > s

[tor-dev] Namecoin .onion to .bit linking

o endorsing domain.bit, and not being a revocation of that .bit domain) in a way that won't open up attacks on the .onion key's normal protocol usage? I'll write up a more formal spec after feedback is received, just to make sure I'm not missing some important d

Re: [tor-dev] Of CA-signed certs and .onion URIs

en recently went to the latest > IETF in Hawaii to discuss it with some folks in person and we're > going to update it after we review his feedback. > > All the best, Jacob Good to hear that it's still being worked on; the Namecoin guys were getting a little worried that

Re: [tor-dev] Potential projects for SponsorR (Hidden Services)

> and then filter it to decide the future deliverables of SponsorR. Hi, Is it worth mentioning Namecoin under section 4, since other naming systems are mentioned? Cheers, - -Jeremy Rand -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQEcBAEBAgAGBQJUdQwxAAoJEFgMI9bDV/9q6vwI

Re: [tor-dev] [HTTPS-Everywhere] "darkweb everywhere" extension

(CCing to Namecoin dev list.) - -Jeremy Rand Lead Application Engineer, Namecoin Project On 11/02/2014 11:48 PM, yan wrote: > +tor-dev. tl;dr: Would be nice if there were an HTTP response > header that allows HTTPS servers to indicate their .onion domain > names so that HTTPS Everywher

Re: [tor-dev] Potential projects for SponsorR (Hidden Services)

//geti2p.net/en/docs/naming > Namecoin is playing around with a decentralized way of doing this. We'd be happy to work with Tor in this area. Cheers, - -Jeremy Rand -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQEcBAEBAgAGBQJURUjNAAoJEFgMI9bDV/9qy3MH/2rf49cmo15GhVjF0nKeWQrq 2xg3waZiIRq5w

Re: [tor-dev] Interested in GSoC - Hidden Service Naming or Hidden Service Searching

deadline? Or should I just post a link in an e-mail to the Tor-Dev list? Also, does Tor prefer proposals in plain text, PDF, or some other format? Thanks, -Jeremy Rand ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi

Re: [tor-dev] Interested in GSoC - Hidden Service Naming or Hidden Service Searching

On 03/02/2014 09:33 PM, Damian Johnson wrote: Hi Jeremy. I'll leave the rest of the questions to George but as for this one, yes. It's perfectly fine to apply to multiple projects (or multiple orgs). Be wary though about spreading yourself too thin. Submitting a fistful of poor proposals wouldn

Re: [tor-dev] Interested in GSoC - Hidden Service Naming or Hidden Service Searching

#x27;s tough competition for one project I can still be considered for the other? Or does GSoC only permit one proposal per student per organization? Thanks, -Jeremy Rand ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

[tor-dev] Interested in GSoC - Hidden Service Naming or Hidden Service Searching

while I haven't touched the YaCy source code, I think I'm a good match for this project. Do either of these sound like good proposals? Is one significantly more likely to be approved than the other, so that I know which to submit? Thanks, -Jeremy Rand _