[cabfpub] Ballot 144 -.onion domains

[Gervase Markham]

On 13/02/15 16:28, kirk_hall at trendmicro.com wrote:
> Thanks, Gerv – but if it wasn’t too hard for Facebook to generate
> multiple “facebook” .onion domains (presumably using automated methods),
> I’m not convinced it would be hard for hackers. 

I will again try and convince you that the laws of probability mean it
would be extremely, extremely hard -> impossible.

> And I’m still troubled
> that the .onion plan allows multiple customers to obtain the same .onion
> domain (meaning there could be multiple certs for the same .onion domain
> that belong to different subjects).

I don't think that's true, for any useful meaning of the term "allow".

There is a level of "vanishingly unlikely" which we can equate to
"impossible".

If I wanted to get a cert for facebookcorewwwi.onion, I would need to
generate approximately 2^80 certificates to have a reasonable chance of
finding one with the right hash. 2^80 is:

120,892,581,961,463,000,000,000.

That's approximately a million times the number of grains of sand in the
world. Making some estimates, it would require Amazon to run all of
their 2 million AWS machines generating only keypairs for a thousand years.

So it's possible that if I just start generating certs, I might get one
which matches, but it's vanishingly unlikely for any reasonable
scenario, even if I have lots and lots of computers and lots and lots of
money.

> •                    For some reason, regular TLD certs (like .com
> certs) won’t work after Tor users go through the Tor blender.  [Does
> anyone know why that is the case?]

Because unless CAs issue for .onion, the domain name in any certificate
the site is able to obtain doesn't match the domain name they are using.

> •                    But for some reason, Internal Name .onion certs
> **do** work for Tor users after they go through the Tor blender.  [Does
> anyone know why this is so?]

Because the domain names match.

> •                    Tor does not want to apply for .onion as a TLD, and
> does not want to be the registrar for .onion [Why not?  That would solve
> everything by making .onion a TLD, so all the current CA rules could
> apply. 

It is not meaningful to have a "registrar" for a namespace where
everyone picks their own name, at random, by generating a keypair.

> •                    The Tor process for assigning .onion domains does
> not require domains to be unique.

The laws of chance, as noted above, means that a collision is highly,
highly, highly unlikely.

> If two or more website owners receive the same .onion domain (either by
> accident, or by design of some of the website owners who choose what
> their .onion domain will be, like Facebook did), 

As noted in previous emails, it would require gargantuan computing power
to obtain a cert which matched an existing cert.

Gerv