.Onion Gets a Boost From IETF, IANA: Now It's a Special-Use Domain

← Back to Stories (view on slashdot.org)

.Onion Gets a Boost From IETF, IANA: Now It's a Special-Use Domain

Posted by samzenpus on Wednesday September 9, 2015 @11:31PM from the you-get-a-domain dept.

An anonymous reader writes: As tweeted by Jacob Appelbaum, the Internet Assigned Numbers Authority today listed .onion as a special-use domain, and the IETF approved a Draft RFC for the domain describing its intended uses. As described on the Facebook Over Tor page, "Jointly, these actions enable '.onion' as special-use, top-level domain name for which SSL certificates may be issued in accordance with the Certificate-Authority & Browser Forum 'Ballot 144' — which was passed in February this year. ... Together, this assures the validity and future availability of SSL certificates in order to assert and protect the ownership of Onion sites throughout the whole of the Tor network."

37 comments

Min score:

Reason:

Sort:

I was really hoping... by Anonymous Coward · 2015-09-09 23:40 · Score: 0

this was actually about .theonion
1. Re:I was really hoping... by Hognoxious · 2015-09-09 23:45 · Score: 4, Funny
  
  Area man pretends to give a shit.
  
  --
  Confucius say, "Find worm in apple - bad. Find half a worm - worse."
2. Re:I was really hoping... by goodmanj · 2015-09-10 00:06 · Score: 3, Funny
  
  Y'know, a .theonion domain would be really useful: all satire websites could use it, and we could program browsers to add "[THIS IS SATIRE YOU MORON]" whenever my relatives paste a .theonion URL into Facebook.
3. Re:I was really hoping... by Ol+Olsoc · 2015-09-10 00:09 · Score: 2
  
  Y'know, a .theonion domain would be really useful: all satire websites could use it, and we could program browsers to add "[THIS IS SATIRE YOU MORON]" whenever my relatives paste a .theonion URL into Facebook.
  Which would immediately ruin all the fun when someone gets Onioned.
  
  --
  The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
4. Re: I was really hoping... by hackwrench · 2015-09-10 01:33 · Score: 2
  
  I don't know. Given past situations, people will manage to miss all the signs and post it as fact anyways.
5. Re:I was really hoping... by ripvlan · 2015-09-10 01:43 · Score: 1
  
  theonion.onion I love it!!!
  or is that redundant like slashdot dot org and it should become https://the.onion/ ?
6. Re:I was really hoping... by jrumney · 2015-09-10 03:36 · Score: 1
  
  With the overuse of technical jargon in jumbled sentences that don't really have any meaning, I'm sure the implication in the summary is that .onion is reserved for satire.
7. Re:I was really hoping... by Anonymous Coward · 2015-09-10 06:00 · Score: 0
  
  Onions have layers, so I guess it's layers of .onion, all the way down.
8. Re:I was really hoping... by Anonymous Coward · 2015-09-10 20:29 · Score: 0
  
  Will this mean there will be a www.theonion.onion? I have an even better idea... a TLD called "THE"?
  That way, I can point my browser at "https://the.theonion.onion" and not have anyone else be able to see which fake news stories I'm reading!
  Thanks. Your turn now.
Holy crap... by Ecuador · 2015-09-09 23:46 · Score: 2, Funny

Holy crap, I haven't read TFA of course, but does this mean they have devoted a top-level domain to parody news?

--
Violence is the last refuge of the incompetent. Polar Scope Align for iOS
1. Re:Holy crap... by Anonymous Coward · 2015-09-09 23:54 · Score: 1
  
  Nah, that would be called .slashdot.
2. Re:Holy crap... by Anonymous Coward · 2015-09-09 23:55 · Score: 0
  
  If they had a / tld, we could actually have domain names ending in ./.
3. Re:Holy crap... by Calydor · 2015-09-10 00:08 · Score: 3, Funny
  
  slashdot dot slash dot slash story slash ...
  Ow my head.
  
  --
  -=This sig has nothing to do with my comment. Move along now=-
4. Re:Holy crap... by Anonymous Coward · 2015-09-10 00:34 · Score: 0
  
  I was thinking about that too.
  I sure hope they are able to grab "the.onion" and run with it.
5. Re:Holy crap... by Anonymous Coward · 2015-09-10 02:44 · Score: 0
  
  No, it's a top level domain for government watchlists...
6. Re:Holy crap... by jrumney · 2015-09-10 03:38 · Score: 1
  
  Mirrored on .dupe
7. Re:Holy crap... by Anonymous Coward · 2015-09-10 04:53 · Score: 0
  
  Go eat a "vidalia.onion"
8. Re:Holy crap... by markhb · 2015-09-10 07:26 · Score: 1
  
  http colon slash slash slashdot dot slashdot slash story slash tfa
  Now we just need to change "story" to "dot"....
  
  --
  Save Maine's economy: write stuff down. All comments are exclusively my own, not my employer.
SSL certs for .onion is awesome by iTrawl · 2015-09-09 23:59 · Score: 3, Interesting

Having the host of the .onion be verified in the real world, while keeping their users anonymous is a good thing. You really don't need to know _where_ in the world I am or what my IP address is when I come to your website. You might even be able to track my persona as usual, and serve me "relevant" ads as usual, but with no clue as to who I am or where I come from (unless I tell you), and that's fine too, while I can regenerate my persona (erase cookies and the like) at any point and start over.
What about Terry Wrist? You should get better at infiltration. Thinking everybody might be Terry Wrist and tapping them accordingly is just lazy, and the real Terry Wrist might still get away because you didn't look in the right place.

--
"Everybody's naked underneath" -- The Doctor
SSL certs for .onion is oxymoron by pikine · 2015-09-10 01:45 · Score: 2

The .onion domain is more geared towards websites run as hidden service so they cannot be identified. If you already use TOR, you can browse regular or hidden service websites anonymously already. The .onion domain protects the hidden service websites from being discovered. For example, SilkRoad ran as a hidden service which made it harder to trace who ran it (but it was eventually discovered by other social engineering means).
That makes SSL for .onion useless. SSL is for authenticating the operator's identity of the website. Why would a website simultaneously choose to be identified and not identified at the same time? That's oxymoron.

--
I once had a signature.
1. Re:SSL certs for .onion is oxymoron by userw014 · 2015-09-10 02:03 · Score: 1
  
  I would have thought that X.509 Certificates issued by the conventional Certificate Authorities for ".onion" sites would worse than useless as they'd violate the anonymity of the site.
2. Re:SSL certs for .onion is oxymoron by svanheulen · 2015-09-10 04:13 · Score: 2
  
  It would be useful to protect users of sites that have both a public site and a hidden service such as duckduckgo and facebook.
3. Re:SSL certs for .onion is oxymoron by iTrawl · 2015-09-10 10:30 · Score: 1
  
  I'm not talking about SilkRoad and MurderMeForCash or whatever, but for real world legal sites. Dread Pirate Roberts would never apply for an SSL ('cause that would be stupid) but legit sites that would like to serve the extremely paranoid too, would. The security of the connection is not the main purpose of that cert (Tor already takes care of that), but the confirmation of the identity of the site. fakebootrandomletters.onion would be unable to validate their identity as Facebook, so I don't get phished to hell if I stumble there for some reason.
  
  --
  "Everybody's naked underneath" -- The Doctor
4. Re:SSL certs for .onion is oxymoron by allo · 2015-09-12 06:59 · Score: 1
  
  you want to identify a domain with a server (not the other way round without the domain information first). SSL does that. You do not want to identify a server with a real ip (tor does this).
  And tor even prevents from correlating two domains at the same server.
5. Re:SSL certs for .onion is oxymoron by UnsignedInt32 · 2015-09-17 06:43 · Score: 1
  
  That makes SSL for .onion useless. SSL is for authenticating the operator's identity of the website. Why would a website simultaneously choose to be identified and not identified at the same time? That's oxymoron.
  Well, technically, they do not really need to verify the ownership of .onion address as only person who can run a service on that particular .onion address would be someone who has corresponding private key. So CA can blindly generate certificate for that .onion address, just to ensure that contents offered from that particular site is not modified in transit. (It indeed has very limited use cases, considering Tor already encrypts and is relatively harder to play MITM over the hidden service.) Perhaps SSL on .onion is more appealing to people like Facebook, who already have a presence on clearweb, but choose to offer hidden service version of the service.
Anonymous Services Compromised by NotARealUser · 2015-09-10 02:07 · Score: 1

Last time I checked, the reason you had an SSL certificate issued (as opposed to just generating a private one) was to validate the identity of the website. Services that run on .onion domains do so to remain anonymous.
One can already access "normal" websites through the Tor network, so I am really not sure what the point of all this is. I guess I would assume that if a site operator purchases a ".onion" certificate from a Certificate Authority, they do not understand the reasons for the security model. I would not trust such a site. One could assume that since the site owner's identity has been compromised (by their own volition) that the site itself is also to be untrusted.
Makes sense ... by jc42 · 2015-09-10 02:17 · Score: 2

In recent elections here in the US, we've been reading of studies showing that the voters who are most knowledgeable about the candidates and the issues are those who follow various satirical news sites. The Daily Show, the Colbert Report, the Onion, and even Wait Wait Don't Tell Me have been named as being highly correlated with informedness. So yes, it makes sense at least minimal sense to have a satire/parody/humor top-level domain.
Of course, Poe's Law applies even here, and we'll continue to see articles posted as fact, even when they're clearly labelled as satire by their URL.
What I'm looking forward to is someone setting up an actual news site there that specializes in stories that really seem like parody or saire, but are actually true. The world has enough such stories to keep at least a small team of journalists busy.
(And I do expect a reply to the above saying "correlation is not causation", so don't disappoint me ...)

--
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
Foxnews.onion by marciot · 2015-09-10 03:02 · Score: 0, Troll

So we know it's not real news.
1. Re:Foxnews.onion by Anonymous Coward · 2015-09-10 04:57 · Score: 1
  
  Likewise msbnc.onion and cnn.onion :-p
2. Re:Foxnews.onion by jc42 · 2015-09-10 12:48 · Score: 1
  
  How about theonion.onion? Would that be a meta-site for faking fake news, and hiding the people that are thus releasing actual valid information disguised as satire? Sounds like a useful site for the world's whistle blowers ...
  (The folks over at theonion.com have been known to "complain" about all the dummies who post their stories as factual new reports. Maybe we could help them out here.)
  
  --
  Those who do study history are doomed to stand helplessly by while everyone else repeats it.
"What do you think about an .onion domain?" by swschrad · 2015-09-10 04:08 · Score: 1

"I haven't seen 'The Ride with Jim Anchower' lately. Will that bring it back?" -- Herkimer Q. Phosbot, Sewer Snake Cleaner

--
if this is supposed to be a new economy, how come they still want my old fashioned money?
Pseudonymous, not just Anonymous by billstewart · 2015-09-10 09:16 · Score: 1

SSL certs do multiple things - protecting your connection, but also demonstrating that you've connected to the destination you thought you did. That destination might be a well-known brand name, or it might be some random person, or it might be some website you don't care who's running it - but you might want to know that the "buy-drugs-here.onion" you're connecting to today is the same "buy-drugs-here.onion" you connected to yesterday. A self-signed cert doesn't always give you that.

--

Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
1. Re:Pseudonymous, not just Anonymous by allo · 2015-09-12 07:02 · Score: 1
  
  the .onion domain does guarantee this just as a certificate, because it's just a fingerprint of a key. (a certificate is a signature of the fingerprint plus identity information like a domain name).
The.onion reports ICANN haz cheeseburger by billstewart · 2015-09-10 09:24 · Score: 1

Obviously The Onion deserves special handling to make sure their brand name is protected - you wouldn't want to go to a website called "the.onion", find real news stories there, and assume they're fake. Think how badly that could be abused!
But the more interesting part of this story is that IETF and IANA seem to be asserting that they still have some control domain name system, even though ICANN appropriated it for themselves some years ago, and has tried to also control some IANA functions like IPv6 name space. (In case you weren't paying attention back when that happened, there was an "IETF Ad Hoc Committee" trying to expand the Top Level Domain space, and it had gotten as far as proposing an initial set of seven fairly lame TLDs to try out first, and even though the Trademark Gods had been able to have some influence over the IAHC's policies, such as getting them to ask for True Names and Addresses for whois so that trademark suits could be filed, that wasn't enough control for them so they started ICANN to be less responsive to the internet community and more responsive to the Intellectual Property racketeers.)

--

Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks