.Onion Gets a Boost From IETF, IANA: Now It's a Special-Use Domain 37
An anonymous reader writes: As tweeted by Jacob Appelbaum, the Internet Assigned Numbers Authority
today listed .onion as a special-use domain, and the IETF approved a Draft RFC for the domain describing its intended uses. As described on the Facebook Over Tor page, "Jointly, these actions enable '.onion' as special-use, top-level domain name for which SSL certificates may be issued in accordance with the Certificate-Authority & Browser Forum 'Ballot 144' — which was passed in February this year. ... Together, this assures the validity and future availability of SSL certificates in order to assert and protect the ownership of Onion sites throughout the whole of the Tor network."
Re:I was really hoping... (Score:5, Funny)
Area man pretends to give a shit.
"What do you think about an .onion domain?" (Score:2)
"I haven't seen 'The Ride with Jim Anchower' lately. Will that bring it back?" -- Herkimer Q. Phosbot, Sewer Snake Cleaner
Re:I was really hoping... (Score:4, Funny)
Y'know, a .theonion domain would be really useful: all satire websites could use it, and we could program browsers to add "[THIS IS SATIRE YOU MORON]" whenever my relatives paste a .theonion URL into Facebook.
Re: (Score:3)
Y'know, a .theonion domain would be really useful: all satire websites could use it, and we could program browsers to add "[THIS IS SATIRE YOU MORON]" whenever my relatives paste a .theonion URL into Facebook.
Which would immediately ruin all the fun when someone gets Onioned.
Re: I was really hoping... (Score:2)
Re: (Score:2)
theonion.onion I love it!!!
or is that redundant like slashdot dot org and it should become https://the.onion/ [the.onion] ?
Re: (Score:2)
The.onion reports ICANN haz cheeseburger (Score:2)
Obviously The Onion deserves special handling to make sure their brand name is protected - you wouldn't want to go to a website called "the.onion", find real news stories there, and assume they're fake. Think how badly that could be abused!
But the more interesting part of this story is that IETF and IANA seem to be asserting that they still have some control domain name system, even though ICANN appropriated it for themselves some years ago, and has tried to also control some IANA functions like IPv6 name
Holy crap... (Score:3, Funny)
Holy crap, I haven't read TFA of course, but does this mean they have devoted a top-level domain to parody news?
Re: (Score:1)
Nah, that would be called .slashdot.
Re:Holy crap... (Score:4, Funny)
slashdot dot slash dot slash story slash ...
Ow my head.
Re: (Score:2)
http colon slash slash slashdot dot slashdot slash story slash tfa
Now we just need to change "story" to "dot"....
Re: (Score:2)
Makes sense ... (Score:3)
In recent elections here in the US, we've been reading of studies showing that the voters who are most knowledgeable about the candidates and the issues are those who follow various satirical news sites. The Daily Show, the Colbert Report, the Onion, and even Wait Wait Don't Tell Me have been named as being highly correlated with informedness. So yes, it makes sense at least minimal sense to have a satire/parody/humor top-level domain.
Of course, Poe's Law applies even here, and we'll continue to see ar
SSL certs for .onion is awesome (Score:3, Interesting)
Having the host of the .onion be verified in the real world, while keeping their users anonymous is a good thing. You really don't need to know _where_ in the world I am or what my IP address is when I come to your website. You might even be able to track my persona as usual, and serve me "relevant" ads as usual, but with no clue as to who I am or where I come from (unless I tell you), and that's fine too, while I can regenerate my persona (erase cookies and the like) at any point and start over.
What about Terry Wrist? You should get better at infiltration. Thinking everybody might be Terry Wrist and tapping them accordingly is just lazy, and the real Terry Wrist might still get away because you didn't look in the right place.
SSL certs for .onion is oxymoron (Score:3)
The .onion domain is more geared towards websites run as hidden service so they cannot be identified. If you already use TOR, you can browse regular or hidden service websites anonymously already. The .onion domain protects the hidden service websites from being discovered. For example, SilkRoad ran as a hidden service which made it harder to trace who ran it (but it was eventually discovered by other social engineering means).
That makes SSL for .onion useless. SSL is for authenticating the operator's ident
Re: (Score:2)
I would have thought that X.509 Certificates issued by the conventional Certificate Authorities for ".onion" sites would worse than useless as they'd violate the anonymity of the site.
Re: (Score:2)
Re: (Score:1)
I'm not talking about SilkRoad and MurderMeForCash or whatever, but for real world legal sites. Dread Pirate Roberts would never apply for an SSL ('cause that would be stupid) but legit sites that would like to serve the extremely paranoid too, would. The security of the connection is not the main purpose of that cert (Tor already takes care of that), but the confirmation of the identity of the site. fakebootrandomletters.onion would be unable to validate their identity as Facebook, so I don't get phished t
Re: (Score:2)
you want to identify a domain with a server (not the other way round without the domain information first). SSL does that. You do not want to identify a server with a real ip (tor does this).
And tor even prevents from correlating two domains at the same server.
Re: (Score:1)
That makes SSL for .onion useless. SSL is for authenticating the operator's identity of the website. Why would a website simultaneously choose to be identified and not identified at the same time? That's oxymoron.
Well, technically, they do not really need to verify the ownership of .onion address as only person who can run a service on that particular .onion address would be someone who has corresponding private key. So CA can blindly generate certificate for that .onion address, just to ensure that contents offered from that particular site is not modified in transit. (It indeed has very limited use cases, considering Tor already encrypts and is relatively harder to play MITM over the hidden service.)
Perhaps SSL
Anonymous Services Compromised (Score:1)
Last time I checked, the reason you had an SSL certificate issued (as opposed to just generating a private one) was to validate the identity of the website. Services that run on .onion domains do so to remain anonymous.
One can already access "normal" websites through the Tor network, so I am really not sure what the point of all this is. I guess I would assume that if a site operator purchases a ".onion" certificate from a Certificate Authority, they do not understand the reasons for the security model. I
Pseudonymous, not just Anonymous (Score:2)
SSL certs do multiple things - protecting your connection, but also demonstrating that you've connected to the destination you thought you did. That destination might be a well-known brand name, or it might be some random person, or it might be some website you don't care who's running it - but you might want to know that the "buy-drugs-here.onion" you're connecting to today is the same "buy-drugs-here.onion" you connected to yesterday. A self-signed cert doesn't always give you that.
Re: (Score:2)
the .onion domain does guarantee this just as a certificate, because it's just a fingerprint of a key. (a certificate is a signature of the fingerprint plus identity information like a domain name).
Re: (Score:1)
Likewise msbnc.onion and cnn.onion :-p
Re: (Score:2)
How about theonion.onion? Would that be a meta-site for faking fake news, and hiding the people that are thus releasing actual valid information disguised as satire? Sounds like a useful site for the world's whistle blowers ...
(The folks over at theonion.com have been known to "complain" about all the dummies who post their stories as factual new reports. Maybe we could help them out here.)