summary/src/sauteed/main.tex


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64

\begin{kaupaper}[
    author={%
      \textbf{Rasmus Dahlberg},
      Paul Syverson,
      Linus Nordberg, and
      Matthew Finkel
    },
    title={%
      Sauteed Onions: Transparent Associations from Domain Names to Onion Addresses
    },
    reference={%
      WPES (2022)
    },
    summary={%
      Many prominent websites are also hosted as Tor onion services.  Onion
      services are identified by their public keys and subject to onion routing,
      thus offering self-authenticated connections and censorship resistance.
      However, the non-mnemonic names are a limitation due to being hard to
      discover and remember.  We explore how certificates with onion addresses
      may improve the status quo by proposing sauteed onions, \emph{transparent
      associations from domain names to onion addresses} with the help of
      Certificate Transparency logs.  The idea is to extend a website's regular
      certificate with an associated onion address.  This makes it possible to
      offer certificate-based onion location that is no less targeted than the
      HTTPS connection facilitating the discovery, as well as name-to-onion
      search engines that use the append-only logs for verifiable population of
      their databases.  The achieved goals are
        consistency of available onion associations,
        improved third-party discovery of onion associations, and
        forward censorship-resistance.
      To be discovered, sites must opt-in by obtaining a sauteed onion
      certificate.  Our prototypes for certificate-based onion location and
      third-party search engines use an existing backward-compatible format.  We
      discuss this trade-off and note that a certificate extension may be used
      in the future.
    },
    participation={\vspace{-.25cm}
      Paul, Linus, and I had the initial idea of exploring how onion addresses
      fit into Certificate Transparency.  Paul and I did most of the writing.  I
      implemented our monitor, Linus our search engine, Matt our web extension.
    },
    label={
      paper:sauteed
    },
]
  \maketitle
  \begin{abstract}
    \input{src/sauteed/src/abstract}
  \end{abstract}
  
  \input{src/sauteed/src/intro}
  \input{src/sauteed/src/preliminaries}
  \input{src/sauteed/src/sauteed}
  \input{src/sauteed/src/related}
  \input{src/sauteed/src/conc}
  \input{src/sauteed/src/acks}
  
  \bibliographystyle{plain}
  \bibliography{src/sauteed/src/refs}

  \begin{appendices}
    \input{src/sauteed/src/appendix}
  \end{appendices}
\end{kaupaper}