Jump to content

.onion

From Wikipedia, the free encyclopedia
(Redirected from.exit)

.onion
Introduced2004
TLDtypeHost suffix
StatusNot in root, but used by Tor clients, servers, and proxies
RegistryTor
Intended useTo designate an onion service reachable via Tor
Actual useUsed by Tor users for services in which both the provider and the user are anonymous and difficult to trace
Registration restrictionsAddresses are "registered" automatically by Tor client when an onion service is set up
StructureNames are opaque strings generated from public keys
Documents
Dispute policiesN/A

.onionis a special-usetop-level domainname designating an anonymousonion service,which was formerly known as a "hidden service",[1]reachable via theTornetwork. Such addresses are not actualDNS names,and the.onion TLD is not in theInternet DNS root,but with the appropriate proxy software installed, Internet programs such asweb browserscan access sites with.onionaddressesby sending the request through the Tor network.

The purpose of using such a system is to make both the information provider and the person accessing the information more difficult to trace, whether by one another, by an intermediate network host, or by an outsider. Sites that offer dedicated.onion addresses may provide an additional layer of identity assurance viaEV HTTPS Certificates.[citation needed]Provision of an onion site also helps mitigateSSL strippingattacks bymalicious exit nodeson the Tor network upon users who would otherwise access traditional HTTPSclearnetsites over Tor.[citation needed]

Format

[edit]

Addresses in the onion TLD are generally opaque, non-mnemonic,alpha-numerical strings which are automatically generated based on apublic keywhen anonion serviceis configured. They used to be 16 characters long for the V2 onion services and they are 56 characters long for V3 onion services.[2]These strings can be made up of any letter of the alphabet, and decimal digits from 2 to 7, representing inbase32either an 80-bithash( "version 2", or 16-character) or a 256-bited25519public key along with a version number and a checksum of the key and version number ( "version 3", "next gen", or 56-character). As a result, in the past all combinations of sixteen base32 characters could potentially be valid version 2 addresses (though as the output of a cryptographic hash, a randomly selected string of this form having a corresponding onion service should beextremely unlikely), while in the current version 3 only combinations of 56 base32 characters that correctly encoded an ed25519 public key, a checksum, and a version number (i.e., 3) are valid addresses.[3] It is possible to set up a partially human-readable.onion URL (e.g. starting with an organization name) by generating massive numbers ofkey pairs(a computational process that can beparallelized) until a sufficiently desirable URL is found.[4][5]

Beginning in October 2021, stable releases of Tor software no longer support V2 (16 character) addresses.[6]

The "onion" name refers toonion routing,the technique used by Tor to achieve a degree ofanonymity.

WWW to.onion gateways

[edit]

Proxies into the Tor network likeTor2weballow access to onion services from non-Tor browsers and for search engines that are not Tor-aware. By using a gateway, users give up their own anonymity and trust the gateway to deliver the correct content. Both the gateway and the onion service canfingerprintthe browser, and access user IP address data. Some proxies use caching techniques that claim to provide better page-loading[7]than the officialTor Browser.

.exit (defunct pseudo-top-level domain)

[edit]

.exitwas apseudo-top-level domainused byTorusers to indicate on the fly to the Tor software the preferredexit nodethat should be used while connecting to a service such as aweb server,without having to edit the configuration file for Tor (torrc).

The syntax used with this domain washostname+.exitnode+.exit,so that a user wanting to connect to http://www.torproject.org/ through nodetor26would have to enter the URLhttp://www.torproject.org.tor26.exit.

Example uses for this would include accessing a site available only to addresses of a certain country or checking if a certain node is working.

Users could also typeexitnode.exitalone to access the IP address ofexitnode.

The.exit notation was deprecated as of version 0.2.9.8.[8]It is disabled by default as of version 0.2.2.1-alpha due to potential application-level attacks,[9]and with the release of 0.3-series Tor as "stable"[10]may now be considered defunct.

Official designation

[edit]

The domain was formerly apseudo-top-level domainhost suffix, similar in concept to such endings as.bitnetand.uucpused in earlier times.

On 9 September 2015ICANN,IANAand theIETFdesignated.onion as a 'special use domain', giving the domain an official status following a proposal fromJacob Appelbaumof the Tor Project andFacebooksecurity engineerAlec Muffett.[11][12][13]

HTTPS support

[edit]

Prior to the adoption ofCA/Browser ForumBallot 144, anHTTPScertificate for a.onion name could only be acquired by treating.onion as an Internal Server Name.[14]Per the CA/Browser Forum's Baseline Requirements, these certificates could be issued, but were required to expire before 1 November 2015.[15]

Despite these restrictions,DuckDuckGolaunched an onion site with a self-signed certificate in July 2013;[16]Facebookobtained the first SSL Onion certificate to be issued by a Certificate authority in October 2014,[17]Blockchain.infoin December 2014,[18]andThe Interceptin April 2015.[19]The New York Timeslater joined in October 2017.[20]

Following the adoption of CA/Browser Forum Ballot 144 and the designation of the domain as 'special use' in September 2015,.onion meets the criteria for RFC 6761.[21]Certificate authorities may issue SSL certificates for HTTPS.onion sites per the process documented in theCA/Browser Forum's Baseline Requirements,[22]introduced in Ballot 144.[14]

As of August 2016, 13 onion domains are https signed across 7 different organisations viaDigiCert.[23]

See also

[edit]

References

[edit]
  1. ^Winter, Philipp."How Do Tor Users Interact With Onion Services?"(PDF).Retrieved27 December2018.
  2. ^"Intro to Next Gen Onion Services (aka prop224)".The Tor Project.Retrieved5 May2018.
  3. ^"Encoding onion addresses [ONIONADDRESS]".gitweb.torproject.org.Retrieved8 February2021.
  4. ^"Scallion".GitHub.Retrieved2 November2014.
  5. ^Muffett, Alec (31 October 2014)."Re: Facebook brute forcing hidden services".tor-talk(Mailing list). Simple End-User Linux.Retrieved2 November2014.
  6. ^"V2 Onion Services Deprecation".Tor Project | Support.Retrieved7 July2024.
  7. ^"Onion.cab: Advantages of this TOR2WEB-Proxy".Archived fromthe originalon 21 May 2014.Retrieved21 May2014.
  8. ^"Tor Release Notes".Retrieved4 October2017.
  9. ^"Special Hostnames in Tor".Retrieved30 June2012.
  10. ^"Tor 0.3.2.9 is released: We have a new stable series!".The Tor Project.Retrieved7 May2018.
  11. ^Willis, Nathan (10 September 2015)."Tor's.onion domain approved by IETF/IANA".LWN.net.
  12. ^Franceschi-Bicchierai, Lorenzo (10 September 2015)."Internet Regulators Just Legitimized The Dark Web".Retrieved10 September2015.
  13. ^"Special-Use Domain Names".Retrieved10 September2015.
  14. ^ab"CA/Browser Forum Ballot 144 – Validation rules for.onion names".18 February 2015.Retrieved13 September2015.
  15. ^"Baseline Requirements for the Issuance and Management Publicly-Trusted Certificates, v1.0"(PDF).Archived fromthe original(PDF)on 14 January 2016.Retrieved13 September2015.
  16. ^_zekiel (1 July 2013)."We've updated our Tor hidden service to work over SSL. No solution for the cert. warning, yet!".Reddit.Retrieved20 December2016.
  17. ^Muffett, Alec (31 October 2014)."Making Connections to Facebook more Secure".Retrieved11 September2015.
  18. ^Alyson (3 December 2014)."Improved Security for Tor Users".Retrieved11 September2015.
  19. ^Lee, Micah (8 April 2015)."Our SecureDrop System for Leaks Now Uses HTTPS".Retrieved10 September2015.
  20. ^Sandvik, Runa(27 October 2017)."The New York Times is Now Available as a Tor Onion Service".The New York Times.Retrieved17 November2017.
  21. ^Arkko, Jari (10 September 2015).".onion".Retrieved13 September2015.
  22. ^"Baseline Requirements Documents".4 September 2013.Retrieved13 September2015.
  23. ^Jamie Lewis, Sarah (7 August 2016)."OnionScan Report: July 2016 – HTTPS Somewhere Sometimes".Retrieved15 August2016.
[edit]
Retrieved from "https://en.wikipedia.org/w/index.php?title=.onion&oldid=1233570497#.exit_(defunct_pseudo-top-level_domain)"