Naming Systems for Onion Services
This is a wiki page to organize knowledge about the various proposed naming systems for Onion Services. This page is meant to be used by researchers and developers interested in this topic.
What Are Naming Systems?
These are systems that map the long, random-looking onion addresses to human-readable names.
For example, you can imagine the following useful mapping:
debian -> sejnfjrq6szgca7v.onion
so that users can just type debian in their browser instead of having to remember that long string.
Desirable security properties include:
- Anonymous registrations
- Privacy-enhanced queries
- Strong integrity guarantees
- Globally-consistent mappings
- Distributed name management
Proposed Naming Systems
The Onion Name System, a New DNS for Tor Onion Services
OnioNS, pronounced "onions", is a privacy-enhanced and metadata-free DNS for Tor onion services. It is also backwards-compatible with traditional .onion addresses, does not require any modifications to the Tor binary or network, and there are no central authorities in charge of the domain names. OnioNS was specifically engineered to solve the usability problem with onion services. This project was described in the paper "The Onion Name System: Tor-Powered Decentralized DNS for Tor Onion Services", which was accepted into PoPETS 2017. OnioNS also supports load-balancing at a name level. Development currently takes place on Github.
Advantages:
- Anonymous registrations - PGP key is optional, no personal information required
- Privacy-enhanced queries - uses 6-hop circuits
- Strong integrity - server responses are verified with a Merkle tree
- Decentralized control - a random set of 127 periodically-rotating Tor nodes manage names and publish the Merkle tree root
- Globally-unique domain names with consistent mappings
- Support for authenticated denial-of-existence responses
- Server-server communication uses circuits
- Preloaded with reserved names to avoid phishing attacks
- Uses the latest block in Bitcoin as a CSPRNG
- Resistant to Sybil attacks
- Resistant to computational attacks
Disadvantages:
- Users must install the software into the Tor Browser.
- Requires participation from Tor relay administrators.
- Users must trust a selection of Tor relays, Tor directory authorities, and Bitcoin during a query.
Namecoin
Namecoin is a fork of Bitcoin that holds names in a blockchain. Name registration costs a virtual unit, denominated in namecoins.
Advantages:
- Privacy-enhanced queries: full-node clients and FBR-C clients (full block receive for current registrations) do not generate network traffic on lookups
- Globally unique names
- Backed by computational proof-of-work
- Purely distributed control of names (does not rely on Tor directory authorities or Tor relays)
- Authenticated denial-of-existence for full-node clients and FBR-C clients
Disadvantages:
- It is non-trivial to anonymously acquire Namecoins, which reduces the privacy of domain registration.
- Registrations are only pseudonymous unless Namecoin is used in conjunction with an anonymous blockchain such as Monero; decentralized exchanges between Monero and Namecoin are not yet deployed, so Monero to Namecoin exchanges require some counterparty risk.
- Full-node clients must download the blockchain, which may be impractical for some users, and becomes less usable as transaction volume increases.
- No authenticated denial-of-existence for clients that only download block headers (this can be fixed with a future softfork).
- Doesn't scale: it grows more secure but less usable as it becomes more popular.
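The two properties that separate the systems above, "server responses are verified with a Merkle tree" (OnioNS) and authenticated denial-of-existence (present in OnioNS and for Namecoin full-node clients, absent for header-only Namecoin clients), rest on one construction: a Merkle tree whose leaves are sorted by name. A positive answer carries an inclusion proof; a negative answer carries inclusion proofs for the two adjacent names that bracket the query, so a server cannot hide a registered name by claiming it does not exist. The following is an added illustration of that generic construction, not code from OnioNS, Namecoin, or the Tor project; the record names and onion addresses other than the page's debian example are constructed sample data.

```python
"""Sorted Merkle tree over name -> onion-address records, with inclusion
proofs and authenticated denial-of-existence proofs (generic construction,
added as an example; not OnioNS or Namecoin code)."""
import hashlib
from bisect import bisect_left


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def leaf_hash(name: str, onion: str) -> bytes:
    # Domain-separated so a leaf can never be mistaken for an inner node.
    return _h(b"\x00" + name.encode() + b"\x00" + onion.encode())


def node_hash(left: bytes, right: bytes) -> bytes:
    return _h(b"\x01" + left + right)


class NameTree:
    """Leaves are sorted by name: that order is what makes denial proofs work."""

    def __init__(self, records: dict):
        self.records = sorted(records.items())
        self.names = [n for n, _ in self.records]
        self.levels = [[leaf_hash(n, a) for n, a in self.records]]
        while len(self.levels[-1]) > 1:
            cur = self._padded(self.levels[-1])
            self.levels.append([node_hash(cur[i], cur[i + 1])
                                for i in range(0, len(cur), 2)])

    @staticmethod
    def _padded(level):
        # Odd-sized levels repeat the last node so every node has a sibling.
        return level + [level[-1]] if len(level) % 2 else level

    @property
    def root(self) -> bytes:
        return self.levels[-1][0] if self.levels[-1] else _h(b"\x02empty")

    def commitment(self):
        # (root, leaf count): a real system publishes/signs both together.
        return self.root, len(self.records)

    def inclusion_proof(self, index: int) -> dict:
        name, onion = self.records[index]
        path, i = [], index
        for level in self.levels[:-1]:
            level = self._padded(level)
            path.append((level[i ^ 1], i % 2 == 1))  # (sibling hash, sibling is on the left)
            i //= 2
        return {"index": index, "name": name, "onion": onion, "path": path}

    def lookup(self, query: str) -> dict:
        """Positive answer with proof, or a denial naming the bracketing neighbours."""
        pos = bisect_left(self.names, query)
        if pos < len(self.names) and self.names[pos] == query:
            return {"found": True, "proof": self.inclusion_proof(pos)}
        pred = self.inclusion_proof(pos - 1) if pos > 0 else None
        succ = self.inclusion_proof(pos) if pos < len(self.names) else None
        return {"found": False, "pred": pred, "succ": succ}


def verify_inclusion(proof: dict, commitment) -> bool:
    root, size = commitment
    if not 0 <= proof["index"] < size:
        return False
    h = leaf_hash(proof["name"], proof["onion"])
    for sibling, sibling_is_left in proof["path"]:
        h = node_hash(sibling, h) if sibling_is_left else node_hash(h, sibling)
    return h == root


def verify_answer(query: str, answer: dict, commitment) -> bool:
    """Client-side check that trusts only the authenticated (root, size) pair."""
    root, size = commitment
    if answer["found"]:
        p = answer["proof"]
        return p["name"] == query and verify_inclusion(p, commitment)
    pred, succ = answer["pred"], answer["succ"]
    # Each supplied neighbour must itself be in the tree and bracket the query.
    if pred is not None and not (verify_inclusion(pred, commitment) and pred["name"] < query):
        return False
    if succ is not None and not (verify_inclusion(succ, commitment) and query < succ["name"]):
        return False
    if pred is None and succ is None:
        return size == 0
    # Adjacency: no leaf can sit between the two neighbours (or beyond the ends).
    lo = -1 if pred is None else pred["index"]
    hi = size if succ is None else succ["index"]
    return hi == lo + 1


SAMPLE_RECORDS = {  # constructed sample data; the debian row is the page's own example
    "debian": "sejnfjrq6szgca7v.onion",
    "example": "exampleaaaaaaaaa.onion",
    "tor": "toraaaaaaaaaaaaa.onion",
}


def demo() -> dict:
    tree = NameTree(SAMPLE_RECORDS)
    c = tree.commitment()
    return {q: verify_answer(q, tree.lookup(q), c) for q in ("debian", "deb", "foo", "zzz")}


if __name__ == "__main__":
    print(demo())
```

The client needs only the (root, size) commitment from whoever it trusts (OnioNS's rotating quorum, or a block in the Namecoin chain); everything else in an answer is checked against it. A header-only client that has the root but whose protocol provides no neighbour proofs is exactly the case in which a server can answer "no such name" unchallenged, which is the gap the Namecoin list above describes.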
GNU Name System (GNS)
GNS uses a hierarchical system of directed graphs. Each user is a node in the graph and manages their own zone.
Advantages:
- Peer-to-peer design.
- Individuals are in charge of name management.
- Resistant to large-scale Sybil attack.
- Resistant to large-scale computational attack.
Disadvantages:
- No guarantee that names are globally unique.
- Difficult to choose a trustworthy zone.
- The selection of a trustworthy zone centralizes the system.
TBB addon that does onion bookmarks
Basically, introduce a workflow in which users bookmark the onion services they visit so that they can find them again next time. A smart add-on could do this automatically for the user.
Disadvantages:
- Requires keeping a list (or hashes) of visited onions on the client's machine.
Centralized first-come-first-served name cache run by a dirauth
Just run a NamingAuth on the network where hidden services can register their names. Clients can query the NamingAuth directly, and can also add alternative naming authorities.
A bit like the I2P naming system? (https://geti2p.net/hosts.txt)
Advantages:
- Simple and easy.
InterPlanetary Naming System
A naming system for IPFS; it could be adapted to .onion addresses as well.
Advantages and disadvantages: to be evaluated.
Files with aliases
Just hosts-like files of name/address pairs. Widespread in I2P.
Advantages:
- Name resolution is done locally.
Disadvantages:
- Requires trusting everyone involved in making the list.
- Users can be marked: a malicious service can give different users different aliases.
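A local resolver over such alias files is small, but two checks matter: each address should be validated before it is trusted (a v3 onion address carries a checksum that a typo or a planted entry will usually fail), and a name defined differently in two lists should be reported as a conflict rather than silently overridden, since that disagreement is exactly what the trust-in-every-list-maker problem above produces. The following is an added example, not I2P's hosts.txt handling nor any Tor project code; the line format `<name> <address>.onion` (with `#` comments), the list names and all addresses except the page's debian example are constructed for illustration. The v3 checksum rule applied here is the one from Tor's v3 onion service specification (SHA3-256 over ".onion checksum" || pubkey || version, truncated to two bytes).

```python
"""Local resolver for hosts-like onion alias files (added example with a
constructed file format; not I2P or Tor project code)."""
import base64
import hashlib
import re

_B32 = re.compile(r"^[a-z2-7]+$")
_V3_VERSION = b"\x03"


def _v3_checksum(pubkey: bytes) -> bytes:
    return hashlib.sha3_256(b".onion checksum" + pubkey + _V3_VERSION).digest()[:2]


def make_v3_address(pubkey: bytes) -> str:
    """Build a syntactically valid v3 address from a 32-byte key (used for test fixtures)."""
    raw = pubkey + _v3_checksum(pubkey) + _V3_VERSION
    return base64.b32encode(raw).decode().lower() + ".onion"


def valid_onion(address: str) -> bool:
    """v2: 16 base32 chars (no checksum to verify); v3: 56 chars with a valid checksum."""
    if not address.endswith(".onion"):
        return False
    label = address[:-len(".onion")]
    if not _B32.match(label):
        return False
    if len(label) == 16:
        return True
    if len(label) != 56:
        return False
    raw = base64.b32decode(label.upper())  # 56 chars -> exactly 35 bytes
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    return version == _V3_VERSION and checksum == _v3_checksum(pubkey)


def parse_alias_file(text: str, source: str):
    """Return ({name: address}, [problem strings]) for one list."""
    entries, problems = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) != 2:
            problems.append(f"{source}:{lineno}: malformed line")
            continue
        name, addr = parts[0].lower(), parts[1].lower()
        if not valid_onion(addr):
            problems.append(f"{source}:{lineno}: invalid onion address {addr}")
            continue
        if name in entries and entries[name] != addr:
            problems.append(f"{source}:{lineno}: {name} redefined within {source}")
            continue
        entries[name] = addr
    return entries, problems


def merge_lists(lists):
    """Merge (source, text) lists; a name must map to the same address in every list.

    Returns (resolved, conflicts, problems) where conflicts maps a name to the
    set of (address, source) pairs that disagree about it.  Conflicting names
    are left unresolved instead of letting the last list win."""
    seen, conflicts, problems = {}, {}, []
    for source, text in lists:
        entries, probs = parse_alias_file(text, source)
        problems.extend(probs)
        for name, addr in entries.items():
            if name in seen and seen[name][0] != addr:
                conflicts.setdefault(name, {seen[name]}).add((addr, source))
            else:
                seen.setdefault(name, (addr, source))
    resolved = {n: a for n, (a, _) in seen.items() if n not in conflicts}
    return resolved, conflicts, problems


def resolve(name: str, resolved: dict):
    return resolved.get(name.lower())


if __name__ == "__main__":
    # Constructed sample lists: the second disagrees with the first about 'debian'.
    sample_v3 = make_v3_address(bytes(range(32)))
    lists = [
        ("trusted.txt", f"debian sejnfjrq6szgca7v.onion\nkeyserver {sample_v3}\n"),
        ("other.txt", "# community list\ndebian exampleaaaaaaaaa.onion\nwiki toraaaaaaaaaaaaa.onion\nbad notanonion\n"),
    ]
    print(merge_lists(lists))
```

Because v2 addresses carry no checksum, only their syntax can be checked; a v3 address whose checksum fails is rejected outright, which catches most accidental corruption of a list entry but says nothing about whether the key belongs to the service the name suggests. That judgement is the trust the page describes, and the conflict report is where a user first sees two list makers disagreeing about it.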