diff options
Diffstat (limited to 'attic/text_formats/address-spec.txt')
-rw-r--r-- | attic/text_formats/address-spec.txt | 94 |
1 files changed, 94 insertions, 0 deletions
diff --git a/attic/text_formats/address-spec.txt b/attic/text_formats/address-spec.txt new file mode 100644 index 0000000..1e90e6e --- /dev/null +++ b/attic/text_formats/address-spec.txt @@ -0,0 +1,94 @@ + Special Hostnames in Tor + Nick Mathewson + +Table of Contents + + 1. Overview + 2. .exit + 3. .onion + 4. .noconnect + +1. Overview + + Most of the time, Tor treats user-specified hostnames as opaque: When + the user connects to www.torproject.org, Tor picks an exit node and uses + that node to connect to "www.torproject.org". Some hostnames, however, + can be used to override Tor's default behavior and circuit-building + rules. + + These hostnames can be passed to Tor as the address part of a SOCKS4a or + SOCKS5 request. If the application is connected to Tor using an IP-only + method (such as SOCKS4, TransPort, or NATDPort), these hostnames can be + substituted for certain IP addresses using the MapAddress configuration + option or the MAPADDRESS control command. + +2. .exit + + SYNTAX: [hostname].[name-or-digest].exit + [name-or-digest].exit + + Hostname is a valid hostname; [name-or-digest] is either the nickname of a + Tor node or the hex-encoded digest of that node's public key. + + When Tor sees an address in this format, it uses the specified hostname as + the exit node. If no "hostname" component is given, Tor defaults to the + published IPv4 address of the exit node. + + It is valid to try to resolve hostnames, and in fact upon success Tor + will cache an internal mapaddress of the form + "www.google.com.foo.exit=64.233.161.99.foo.exit" to speed subsequent + lookups. + + The .exit notation is disabled by default as of Tor 0.2.2.1-alpha, due + to potential application-level attacks. + + EXAMPLES: + www.example.com.exampletornode.exit + + Connect to www.example.com from the node called "exampletornode". + + exampletornode.exit + + Connect to the published IP address of "exampletornode" using + "exampletornode" as the exit. + +3. .onion + + SYNTAX: [digest].onion + [ignored].[digest].onion + + Version 2 addresses (deprecated since 0.4.6.1-alpha), the digest is the first + eighty bits of a SHA1 hash of the identity key for a hidden service, encoded + in base32. + + Version 3 addresses, the digest is defined as: + + onion_address = base32(PUBKEY | CHECKSUM | VERSION) + CHECKSUM = H(".onion checksum" | PUBKEY | VERSION)[:2] + + where: + - PUBKEY is the 32 bytes ed25519 master pubkey of the onion service. + - VERSION is a one byte version field (default value '\x03') + - ".onion checksum" is a constant string + - H is SHA3-256 + - CHECKSUM is truncated to two bytes before inserting it in onion_address + + When Tor sees an address in this format, it tries to look up and connect to + the specified onion service. See rend-spec-v3.txt for full details. + + The "ignored" portion of the address is intended for use in vhosting, and + is supported in Tor 0.2.4.10-alpha and later. + +4. .noconnect + + SYNTAX: [string].noconnect + + When Tor sees an address in this format, it immediately closes the + connection without attaching it to any circuit. This is useful for + controllers that want to test whether a given application is indeed + using the same instance of Tor that they're controlling. + + This feature was added in Tor 0.1.2.4-alpha, and taken out in Tor + 0.2.2.1-alpha over fears that it provided another avenue for detecting + Tor users via application-level web tricks. + |