Other good news: no one registered for .onion, and it's going to be several years until the next round of applications opens. Hopefully by then, the process will be much smoother than this time around.
It's possible that next time around, Tor could apply for .onion, and use it as a tor2web portal - but even if a lot of engineering effort was put in[0] - a user visiting aabbccddee.onion in a normal web browser would leak its DNS request, and an observer would know exactly who they were trying to browse to. That's not an issue with tor2web mode, because it's only the HS, not the user, trying to be anonymous. But trying to keep the user anonymous when visiting a .onion would be extremely difficult, if not impossible.

But then again, on the flip side, if a user visits aabbccddee.onion without using either a Tor DNS Proxy or TBB, that .onion DNS request is still leaked. So maybe the threat model becomes "We know we can't protect users trying to visit a .onion without/with-misconfigured Tor, so perhaps we want to at least enable the functionality, and hide what the user is doing on the HS".

Obviously there's a mess of holes with this, but I'm just thinking aloud, and if the idea of exposing HS to the normal web through .onion is desirable, we could start brainstorming in advance of the several hundred pages of paperwork applying for a gTLD requires.

-tom

[0] If every DNS Request returned the IP of an Entry Guard or similar node, along with a DANE record, and a DPF policy of 'Always use SSL', the client would connect to the IP hardcoded to use SSL with a pre-arranged certificate. They would then request the resource of the hidden service (let's say '/'). That Entry Guard would hold all the information: the client connecting, and the resource requested. This is obviously nowhere-near-ideal, but for a 'Let everyone use any browser' situation, I'm not sure how to avoid it. That Entry Guard would then route the request through the Tor network, potentially padding it.

_______________________________________________
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk