
Re: [tor-talk] Improved HS key management



Qingping Hou <dave2008713@xxxxxxxxx> writes:

> On 12/28/2013 06:46 AM, Gregory Maxwell wrote:
>> One of the current unfortunate properties of hidden services is that
>> the identity of the hidden service is its public key (or the
>> equivalent hash, in the current setup), and this key must always be
>> available for signing on an online host (usually the HS itself, though
>> potentially on a bastion host).
>> 
>> This is pretty bad for prudent key management -- the key is very high
>> value because it's difficult to change, and then stuck always online
>> constantly being signed with -- even on demand by a hostile attacker.
>> 
>> Then the matter is made even worse by there being no systematized
>> mechanism for revocation.
>> 
>> It would be preferable if it were possible to have a HS master key
>> which was kept _offline_ which could be used to authorize use for some
>> time period and/or revoke usage. The offline key could be used to
>> create an online key which is good for a year or until superseded by a
>> higher sequence number, and every 6 months the online key could be
>> replaced. Thus if an old copy of the HS media were discovered it
>> couldn't be used to impersonate the site.
>> 
>> Sadly the homomorphism proposed to prevent HSDIR enumeration attacks
>> cannot be used to accomplish this, as knowledge of the ephemeral
>> private key and the public blinding factor yields the original private
>> key.
>> 
>> I can describe a scheme to address this but I'm surprised to not find
>> any discussion of it.
>> 
>
> As grarpamp already mentioned, second gen draft introduced the concept
> of master key, blinded signing key and descriptor signing key. It does
> not specify how to do key revocation though.
>
> Maybe you can add your idea to the draft and help improve it?

FWIW I started a thread in tor-dev about this:
https://lists.torproject.org/pipermail/tor-dev/2014-January/006146.html

Would like to hear your comments if you have any :)
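
The point quoted above about the blinding homomorphism, as an added example (not part of the thread and not Tor's code): assuming multiplicative blinding, where the blinded private key is the master private key times a public factor, inverting that factor recovers the master key. It uses a constructed toy Schnorr group in place of Ed25519; all function names and parameters are assumptions.

```python
import hashlib

# Constructed toy parameters (assumption, far too small for real use):
# P = 2Q + 1 with P and Q prime, and G = 4 generates the subgroup of order Q.
P, Q, G = 2039, 1019, 4


def blinding_factor(master_pub: int, period: int) -> int:
    """Public factor h, derivable by anyone from the public key and time period."""
    digest = hashlib.sha256(f"{master_pub}|{period}".encode()).digest()
    return int.from_bytes(digest, "big") % (Q - 1) + 1  # in [1, Q-1], invertible mod Q


def blind_private(master_priv: int, h: int) -> int:
    """Ephemeral (blinded) private key: a' = a * h mod Q."""
    return (master_priv * h) % Q


def blind_public(master_pub: int, h: int) -> int:
    """Ephemeral (blinded) public key: A' = A^h mod P, computed without the private key."""
    return pow(master_pub, h, P)


def recover_master(blinded_priv: int, h: int) -> int:
    """What a holder of the online key can do: a = a' * h^-1 mod Q."""
    return (blinded_priv * pow(h, -1, Q)) % Q


def demo(master_priv: int = 777, period: int = 16071) -> int:
    """Blind a master key for one period, then undo the blinding from the online side."""
    master_pub = pow(G, master_priv, P)
    h = blinding_factor(master_pub, period)
    online_priv = blind_private(master_priv, h)
    # The homomorphism holds: the blinded private key matches the blinded public key.
    assert pow(G, online_priv, P) == blind_public(master_pub, h)
    # ...but the online key plus the public factor gives the master key back.
    return recover_master(online_priv, h)


if __name__ == "__main__":
    print("recovered master private key:", demo())
```

Because the factor is public, the blinded key gives no separation between the online host and the master key, which is why an offline master key needs a separately generated signing key certified by it.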
