[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] ng-rend-spec and very public services

To: "tor-talk" <tor-talk@xxxxxxxxxxxxxxxxxxxx>
Subject: [tor-talk] ng-rend-spec and very public services
From: "l.m" <ter.one.leeboi@xxxxxxxx>
Date: Tue, 02 Jun 2015 12:01:02 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 02 Jun 2015 12:01:15 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

Hi,

So I was thinking, perhaps incorrectly, that ng-rend-spec doesn't do
enough to protect very public onion services. Sure, there are
advantages to the proposed changes. What if the adversary is also
someone who can derive the credentials? Encrypted descriptors don't do
much if you can throw SIGINT at HSDirs to determine when they're used.
Even less if you happen to be a HSDir who knows a list of public onion
services and you want to know if you're in possession of any of their
descriptors. If you happen to be using OnioNS you've got another
contributing factor in the form of the onion service lookup leaking
intent to resolve.

Tell me I'm just being paranoid.

--leeroy

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Prev by Author: Re: [tor-talk] Tor shirt
Next by Author: Re: [tor-talk] Matryoshka: Are TOR holes intentional?
Previous by thread: Re: [tor-talk] Tor-ramdisk 20150531 released
Next by thread: [tor-talk] Invaded by disconnect.me
Index(es):
- Author
- Thread