[cabfpub] Ballot 144 -.onion domains

Gervase Markham gerv at mozilla.org
Thu Feb 12 22:26:38 UTC 2015

Hi Kirk,

On 12/02/15 22:18, kirk_hall at trendmicro.com wrote:
> Ryan -- you are correct that concerns (1) and (2) are related -- (1)
> relates to accidental clashes that give different customers the same
> domain.  Gerv -- you are right, the change is extremely small -- but
> giving the same domain to different customers is something not allowed
> today, so it would be quite a change to allow it.

How unlikely would it need to be for you not to use the word "allow"?

At the moment, it's possible for two different customers to generate the
same public/private key pair, and so they would be able to impersonate
each other. But, assuming there's no flaws in the RNG, it is pretty
unlikely. Would you say that the CAB Forum "allows" this?

> This link has some information on the subject, but I really don’t
> understand the explanation of why clashes aren’t a concern.
> https://trac.torproject.org/projects/tor/wiki/doc/HiddenServiceNames   

Yes, I'm not sure I understand that either. Ryan?

> On (2) – this concern is of an intentional clash created by a hacker for
> evil purpose – a much more serious issue.  I notice that in Facebook’s
> existing .onion cert, they managed to get the following .onion domain:
> *.m.facebookcorewwwi.onion
> I’m sure that didn’t happen randomly, so there must have been some very
> serious computing that happened to get that particular 16 digit “random”
> hash of a Facebook public key, _facebookcorewwwi_.  

Yes, it did. Facebook are on record as saying that they threw a lot of
computing power at the problem, and then reviewed all the options
generated which started with "facebook" and picked the one they liked
best. The engineer said something like: "I feel we were very lucky in
generating a good name." I rather wish they hadn't, actually, because it
confuses people into thinking it's possible to just pick a good name and
use it, which it isn't.

> If Facebook can
> reverse engineer to get that .onion domain, couldn’t a hacker (or
> googlegoogle.onion, for another example) do the same and get a duplicate
> cert with the same domain?

No. What Facebook did was generate a lot of hashes starting "facebook",
reviewed them, picked the one they liked best and then invented a
"reason" for why it's that one: "Facebook's Core WWW Infrastructure".

However, generating a second one which exactly matched the name Facebook
picked is a much harder process.


More information about the Public mailing list