11 changes: 10 additions & 1 deletion docs/faq/index.md
Expand Up @@ -175,7 +175,16 @@ No. Namecoin's merged mining can use *any* Hashcash-SHA256D blockchain as a par

### How does Namecoin compare to Tor Onion Services?

The Tor Project's Onion Services (which have a `.onion` top-level domain) use domains which are a public key hash. This means that their domain names are not human-meaningful, whereas Namecoin domain names are human-meaningful. Namecoin's `.bit` domains can point to `.onion` domains, providing a human-meaningful naming layer on top of Tor Onion Services. Blockchain-based systems like Namecoin are, at this time, unable to match the cryptographic security guarantees (against impersonation or deanonymization attacks) that systems like Onion Service names provide when used directly, but Namecoin's human-meaningful names do make Namecoin more resistant than Onion Service names to some classes of attacks that exploit human psychology rather than breaking cryptography. For example, humans have trouble remembering a public key hash or recognizing a public key hash as the correct one; this is much better with meaningful names such as Namecoin names (or DNS names). Attackers can exploit this property of Onion Service names in order to trick users into visiting the incorrect website. We believe that both systems serve a useful purpose, and determining whether direct usage of Onion Service names or Namecoin naming for Onion Services is more secure for a given user requires consideration of that user's threat model.
The Tor Project's Onion Services, with the `.onion` top-level domain, use domain names that are hashes of public keys.
This means that their domain names are not human-meaningful, unlike Namecoin's.
Namecoin’s `.bit` domains can point to `.onion` domains.
This makes it possible to give human-meaningful names to Tor Onion Services.
Member

I would prefer to retain the word "layer" here, as it invokes the good engineering practice of layering protocols.

Author

@yanmaani yanmaani Oct 9, 2020

This makes it possible to use Namecoin as a naming layer, to give human-meaningful names to Tor Onion Services.

Would that work?


Right now, blockchain-based systems like Namecoin are less secure against impersonation and deanonymization attacks than systems like Onion Service names, used directly, are.
Member

The existing text emphasizes that the cryptographic security of Namecoin is weaker than that of onion services; this is a reference to the fact that Namecoin relies on game-theoretic security in combination with cryptographic security, which is weaker than purely cryptographic security (as onion services use). I do not think it's accurate to say that Namecoin is less secure (in the general sense) against impersonation, because phishing attacks and other kinds of UX-related vulnerabilities are a form of impersonation.

Author

That's fair. How about just explaining the vulnerabilities in further detail?

Block chain systems like Namecoin are less secure against some deanonymization and impersonation attacks than direct cryptographical systems like Onion Service names.

With Onion Service names, nobody can impersonate you unless they either steal your key or there's a break in the underlying cryptography. Namecoin's security is only game-theoretic; even if your keys are safe, a miner with infinite resources could steal your domain.

When you register a Namecoin name, anyone can trace this like they could a Bitcoin transaction. This could compromise your anonymity, depending on from where you got the namecoins.

However, Namecoin's human-meaningful names protect against phishing attacks better; it's much easier to remember a meaningful name than an arbitrary public key.
Member

Again, the existing text emphasizes that cryptographic attacks and psychological attacks are both real classes of attacks; we should preserve that information.

Member

And this text should be preserved: "Attackers can exploit this property of Onion Service names in order to trick users into visiting the incorrect website."

Author

I think it's better to explain it in detail. How about this?

On the other hand, Namecoin's human-meaningful names protect better against phishing attacks; it's much easier to remember a name that has meaning to you, like namecoin.bit, than an arbitrary string of characters, like namecoinf358fqe4z99u81bkojwcsn8qyogb4f8i9hzkmdnrw84bb7hd.onion. There are attacks where scammers generate onion names that look similar to existing websites', but that point somewhere else. Since there's no meaning or structure to them, many users can't tell the real and fake names apart unless they look closely.

We should probably use our real onion, though. Maybe there is a nice picture somewhere showing what a phishing attempt looks like.


We believe that both systems serve a useful purpose.
To determine whether it's more secure for you to directly use Onion Service names or to point a Namecoin name to your Onion Service, you have to consider your threat model individually.

### How does Namecoin compare to Let's Encrypt?

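Review bot: The added sentence "Right now, blockchain-based systems like Namecoin are less secure against impersonation and deanonymization attacks ..." drops the qualifier the removed paragraph carried ("cryptographic security guarantees"), and the new lines no longer state the counterpart: that human-meaningful names are more resistant to attacks that exploit human psychology, including the sentence "Attackers can exploit this property of Onion Service names in order to trick users into visiting the incorrect website." Without both sides, the closing threat-model sentence gives the reader nothing to weigh; suggest restoring the qualifier and the psychological-attack sentences in the same one-sentence-per-line form. Separately, the line "Namecoin’s `.bit` domains can point to `.onion` domains." uses a typographic apostrophe where the neighbouring added lines use a straight one; make it consistent.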