Tor gains extra security as .onion becomes Special-Use Domain Name

Tor logoTor -- The Onion Router -- is used as a way of browsing the web (more) anonymously. Most well-known for providing access to what has become known as the Dark Web, Tor has faced competition from other secure browsing systems such as HORNET. But now it is set to benefit from key changes that will improve security and have further implications.

Engineering Task Force (IETF) along with Internet Assigned Numbers Authority, part of ICANN, has granted formal recognition to the .onion domain, adding it to the list of Special-Use Domain Names. Previously known as a psdeuo-TLD it was technically possible for the .onion domain to be used on the regular web -- now it is limited to Tor. There is also the possibility of site-specific encryption and the use of security certificates.

Tor may be famed for the likes of Silk Road and other such sites, but the anonymity and security it offer is important for many reasons. Of course the Tor network is not only home to nefarious websites (although it's fair to say that this accounts for a reasonable percentage of traffic), it is also used by news outlets as a way to anonymously gather news, and Facebook even has a secure presence.

The official recognition of .onion will automatically help to improve security, helping to reduce the ability to identify or locate users. The IETF documentation explains what the change means for accessing .onion sites:

Applications (including proxies) that implement the Tor protocol MUST recognize .onion names as special by either accessing them directly, or using a proxy (e.g., SOCKS [RFC1928]) to do so. Applications that do not implement the Tor protocol SHOULD generate an error upon the use of .onion, and SHOULD NOT perform a DNS lookup.

Other key clauses bolster security further:

Name Resolution APIs and Libraries: Resolvers MUST either respond to requests for .onion names by resolving them according to [tor-rendezvous] or by responding with NXDOMAIN.

Caching DNS Servers: Caching servers, where not explicitly adapted to interoperate with Tor, SHOULD NOT attempt to look up records for .onion names. They MUST generate NXDOMAIN for all such queries.

Authoritative DNS Servers: Authoritative servers MUST respond to queries for .onion with NXDOMAIN.

The prospect of SSL and TLS certification is important for the wider adoption of Tor as it helps to give users confidence that the sites they are dealing with are what they say they are. Speaking to Motherboard, Richard Barnes, the Firefox Security Lead at Mozilla, said:

This enables the Tor .onion ecosystem to benefit from the same level of security you can get in the rest of the web. It adds a layer of security on top.

Source: Betanews

Tags: domains, ICANN, security

Add comment

Your name:
Sign in with:
Your comment:

Enter code:

E-mail (not required)
E-mail will not be disclosed to the third party

Last news

Galaxy Note10 really is built around a 6.7-inch display
You may still be able to download your content
Facebook, Messenger and Instagram are all going away
Minimize apps to a floating, always-on-top bubble
Japan Display has been providing LCDs for the iPhone XR, the only LCD model in Apple’s 2018 line-up
The 2001 operating system has reached its lowest share level
The entire TSMC 5nm design infrastructure is available now from TSMC
The smartphone uses a Snapdragon 660 processor running Android 9 Pie
The Samsung Galaxy A5 (2017) Review
The evolution of the successful smartphone, now with a waterproof body and USB Type-C
February 7, 2017 / 2
Samsung Galaxy TabPro S - a tablet with the Windows-keyboard
The first Windows-tablet with the 12-inch display Super AMOLED
June 7, 2016 /
Keyboards for iOS
Ten iOS keyboards review
July 18, 2015 /
Samsung E1200 Mobile Phone Review
A cheap phone with a good screen
March 8, 2015 / 4
Creative Sound Blaster Z sound card review
Good sound for those who are not satisfied with the onboard solution
September 25, 2014 / 2
Samsung Galaxy Gear: Smartwatch at High Price
The first smartwatch from Samsung - almost a smartphone with a small body
December 19, 2013 /

News Archive



Do you use microSD card with your phone?
or leave your own version in comments (15)