On Sun, 2015-09-27 at 22:31 +0000, Jeremy Rand wrote:
On 09/27/2015 05:47 PM, Jeff Burdges wrote:
This is the first of two torspec proposals to help Tor work with Special-Use TLDs, like the GNU Name system or NameCoin. The second part will be an anycast facility. - Jeff
Hi Jeff,
Thanks for working on this; Namecoin is definitely interested in this effort. I have one comment. SPV-based Namecoin clients will, under some circumstances, generate network traffic to other Namecoin P2P nodes containing names being looked up. To avoid linkability, stream isolation should be used so that different Namecoin lookups go over different Tor circuits if the lookups correspond to TCP streams that go over different Tor circuits. (Also, the choice of Namecoin nodes to peer with should be different for each identity.) Therefore, it seems to me that there should be a mechanism for Tor to provide stream isolation information to the naming systems that it calls, along with "new identity" commands.
The above issue doesn't affect full Namecoin clients, or SPV Namecoin clients that download the full unspent domain name set. I don't know enough about the GNU Name System to know how this issue affects it, if at all.
Thoughts on this?
Yes. I distrust running p2p applications not specifically designed for Tor over Tor. The GNU Name System will therefore run the DHT process on volunteer Tor exit nodes, much like how DNS queries are handled by exit nodes.
Imho, Namecoin should similarly develop a Tor Namecoin shim client that contacts special SPV Namecoin clients running on volunteer exit nodes. I'm working on a second torspec proposal that adds an AnycastExit option to simplify this.
In the long term, there are obviously concerns about bad exit nodes, especially if there are only like two exits supporting Namecoin or GNS, but currently so few people use GNS or Namecoin that we can probably ignore this.
Also, trivial spelling nitpick: "Namecoin" is typically spelled with a lowercase "c", like "Bitcoin".
Thanks!
Jeff
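The stream-isolation requirement raised in this thread, sketched as an added example that is not part of either message and is not code from Tor, Namecoin or GNS. It assumes a hypothetical lookup shim that receives an isolation key for each client stream and reaches its peers through a Tor SocksPort with `IsolateSOCKSAuth` (Tor's existing per-credential isolation flag); the class, its method names and the peer list are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample peer list (documentation addresses, not real nodes).
PEERS = [f"192.0.2.{i}:8334" for i in range(1, 21)]


class LookupIsolator:
    """Hypothetical shim: maps the isolation key of a client stream to the
    SOCKS credentials and peer subset used for that stream's name lookups."""

    def __init__(self, peers, peers_per_identity=3):
        self.peers = list(peers)
        self.k = peers_per_identity
        self.new_identity()

    def new_identity(self):
        # Called on a "new identity" signal: a fresh secret changes every
        # derived credential and peer choice, unlinking old and new lookups.
        self._epoch = secrets.token_bytes(32)

    def _prf(self, label, isolation_key):
        msg = label + b"\x00" + isolation_key.encode()
        return hmac.new(self._epoch, msg, hashlib.sha256).digest()

    def socks_auth(self, isolation_key):
        # Distinct SOCKS username/password pairs are placed on distinct
        # circuits when the SocksPort uses IsolateSOCKSAuth.
        digest = self._prf(b"socks", isolation_key).hex()
        return digest[:16], digest[16:32]

    def peer_set(self, isolation_key):
        # Rank peers by a keyed hash so each identity gets its own stable
        # subset instead of sharing one set of P2P peers across identities.
        ranked = sorted(self.peers,
                        key=lambda p: self._prf(p.encode(), isolation_key))
        return ranked[: self.k]
```

Lookups for two streams with the same isolation key share credentials and peers; a different key, or a call to `new_identity()`, yields unrelated ones.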