[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #17178 [Tor]: Single Onion Services: One-Hop Intro Point and Rendezvous



#17178: Single Onion Services: One-Hop Intro Point and Rendezvous
-------------------------------------------------+-------------------------
 Reporter:  teor                                 |          Owner:
     Type:  enhancement                          |         Status:
 Priority:  High                                 |  needs_revision
Component:  Tor                                  |      Milestone:  Tor:
 Severity:  Normal                               |  0.2.8.x-final
 Keywords:  028-triaged, tor-hs,                 |        Version:
  TorCoreTeam201511                              |     Resolution:
Parent ID:                                       |  Actual Points:
  Sponsor:  SponsorU                             |         Points:  large
-------------------------------------------------+-------------------------
Changes (by teor):

 * status:  needs_review => needs_revision


Comment:

 Reviewing asn's HS/RSOS poisoning changes:
 * code looks good, but I wonder if we should make it generic, so we can
 use it with single onion services as well, by using more generic terms,
 like SOS and "non-anonymous onion service":
 {{{
 #define SOS_POISON_FNAME "non_anonymous_onion_service"
 }}}
 * There's a warning for ephemeral RSOS, but I think it's actually an
 acceptable use case. The keys aren't persistent, so there's no issue with
 reuse in anonymous/non-anonymous modes. Maybe make it a log_info and
 remove the "can't be"?
 {{{
 log_warn(LD_GENERAL, "Ephemeral HS can't be started as RSOS.");
 }}}

 Running the changes:
 * chutney verify works using chutney rsos-min network in the chutney
 feature-17178-rsos branch
 * changing from RSOS to HS or HS to RSOS and then doing a HUP fails.
 * changing from RSOS to HS and then relaunching tor fails.

 Changing from HS to RSOS in the torrc and relaunching doesn't fail. I
 think this is OK, because we need an upgrade path for hidden service
 operators to deliberately upgrade to a rendezvous single onion service if
 they want to. And I don't like the idea of making operators touch a file
 in the filesystem to use RSOS.

 We already have an extensive warning the first time we start up with RSOS
 and poison the directory. Is this sufficient for the HS -> RSOS case?

 {{{
 [warn] RendezvousSingleOnionServiceNonAnonymousServer (RSOS) is set. Every
 hidden/onion service on this instance is NON-ANONYMOUS. Clients remain
 location-anonymous, but may be statistically distinguishable. If RSOS is
 disabled, Tor will refuse to  launch RSOS hidden services to protect
 against misconfiguration errors. This setting is for experimental use
 only.
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17178#comment:24>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs