Tor granted Special-use status by IETF, to become more secure and get security certificates
The dark web browser Tor has now become extra secure as the .onion URL has now been assigned special-use status. The Internet Engineering Task Force (IETF), along with the Internet Assigned Numbers Authority, part of ICANN, has granted formal recognition to the .onion domain, adding it to the list of Special-Use Domain Names.
The special-use status means that .onion can now only be used on Tor. Earlier, .onion could technically be opened on the regular web due to its pseudo-TLD status. The special-use status also opens the possibility of site-specific encryption and the use of security certificates.
For the uninitiated, Tor, which is an acronym for The Onion Router, is used as a way of browsing the web (more) anonymously. Tor directs Internet traffic through a free, worldwide, volunteer network consisting of more than six thousand relays to conceal a user’s location and usage from anyone conducting network surveillance or traffic analysis. Using Tor makes it more difficult for Internet activity to be traced back to the user: this includes “visits to Web sites, online posts, instant messages, and other communication forms”. Tor’s use is intended to protect the personal privacy of users, as well as their freedom and ability to conduct confidential communication by keeping their Internet activities from being monitored.
Tor has faced competition from other secure browsing systems such as HORNET. But now it is set to benefit from key changes that will improve security and have further implications.
The official recognition of .onion will automatically help to improve security, helping to reduce the ability to identify or locate users. The IETF documentation explains what the change means for accessing .onion sites:
Applications (including proxies) that implement the Tor protocol MUST recognize .onion names as special by either accessing them directly, or using a proxy (e.g., SOCKS [RFC1928]) to do so. Applications that do not implement the Tor protocol SHOULD generate an error upon the use of .onion, and SHOULD NOT perform a DNS lookup.
Other key clauses bolster security further:
Name Resolution APIs and Libraries: Resolvers MUST either respond to requests for .onion names by resolving them according to [tor-rendezvous] or by responding with NXDOMAIN.
Caching DNS Servers: Caching servers, where not explicitly adapted to interoperate with Tor, SHOULD NOT attempt to look up records for .onion names. They MUST generate NXDOMAIN for all such queries.
Authoritative DNS Servers: Authoritative servers MUST respond to queries for .onion with NXDOMAIN.
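The following Python example is added here and is not taken from the article or the IETF document. It shows one way a non-Tor application could apply the clauses quoted above: recognize a .onion name, return an error, and never hand the name to DNS. The names `is_onion_name`, `guarded_resolve`, `OnionLookupRefused` and the sample hostnames are hypothetical and constructed for illustration.

```python
import socket


class OnionLookupRefused(LookupError):
    """Raised instead of sending a .onion name to DNS (NXDOMAIN-style failure)."""


def is_onion_name(name: str) -> bool:
    # DNS names are case-insensitive and may end with the root dot,
    # so normalise before comparing the rightmost label.
    labels = name.strip().rstrip(".").lower().split(".")
    return labels[-1] == "onion"


def guarded_resolve(name, lookup=socket.gethostbyname):
    """Resolve `name` with `lookup`, but never pass a .onion name to it."""
    if is_onion_name(name):
        # An application without Tor support generates an error and
        # performs no DNS lookup, so the name never leaves the host.
        raise OnionLookupRefused(f"{name}: .onion names are not resolved via DNS")
    return lookup(name)


# Constructed sample names; none refers to a real service.
SAMPLE_NAMES = [
    "exampleplaceholder.onion",   # plain .onion name
    "WWW.Example.ONION.",         # mixed case with trailing root dot
    "onion.example.com",          # "onion" is not the rightmost label
    "example.com",
    "notonion",                   # label merely ends in "onion"
]


def demo():
    """Run the samples through the guard using a stub that records DNS queries."""
    sent_to_dns = []

    def stub_lookup(n):
        sent_to_dns.append(n)
        return "192.0.2.1"        # TEST-NET-1 documentation address

    results = {}
    for n in SAMPLE_NAMES:
        try:
            results[n] = guarded_resolve(n, stub_lookup)
        except OnionLookupRefused:
            results[n] = "NXDOMAIN"
    return results, sent_to_dns
```

The list of names that reached the stub lookup is the part to check: any .onion name appearing there would be a query leaked to the DNS infrastructure.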