Has there been any discussion around native .onion / Tor endpoints for boundary nodes?

Developers
1

One of ICP’s core value propositions is eliminating reliance on centralized trust — yet accessing canisters through icp0.io or ic0.app still depends on DNS, ICANN, and CA-signed certificates. This feels like a meaningful gap in the decentralization story at the last mile.

Tor’s .onion addresses are self-authenticating — the address is derived from the service’s public key, so no CA or DNS resolution is needed to establish trust. This aligns well with how ICP already handles identity and response certification internally.

A boundary node exposing an .onion address alongside its existing HTTPS endpoint seems like a relatively low-friction improvement. The onion address could even be published on-chain, letting clients verify it without trusting DNS at all. ICP’s existing response certification would still layer on top, giving both transport-level and application-level cryptographic guarantees.

Has this been explored? Are there protocol or infrastructure reasons it hasn’t been pursued? Curious whether the community or DFINITY has thoughts on this, especially given growing interest in censorship-resistant access to on-chain applications.

3

A bit of context on where this thinking came from — Bitcoin has quietly supported .onion addresses for peer connections for years, letting nodes communicate entirely within Tor without touching clearnet or DNS. It’s a simple precedent but a meaningful one, and it made me wonder why ICP hasn’t gone this direction.

On a side note, I ran into a project called Reticulum, a cryptographic networking stack that runs over LoRa radio, packet radio, serial links, and TCP — every node has a keypair-based identity, routing is multi-hop and encrypted, and it needs zero central infrastructure. It’s essentially “Tor principles applied to a general mesh transport.”

The reason it’s relevant is that a .onion boundary node endpoint is a good first step, but Reticulum sketches out what utopia looks like — off-grid devices reaching ICP through delay-tolerant gateways, never touching traditional internet infrastructure.