[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Revoking a hidden service key

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Revoking a hidden service key
From: Max Bond <max.o.bond@xxxxxxxxx>
Date: Mon, 2 Mar 2015 18:50:15 -0800
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 02 Mar 2015 21:50:34 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=nvvEUbHWZICf4I7xePYAADgkcwUPY/sF2OqQ0LqpISc=; b=TtIWJAGyRMUQBQ4dl/FrgULxhDkgAK45jnk8ebAI6KbZA+vdMKJrjOypgY4ddkAAwN IF+IvdKlPw/aRXQL4gyl9lp3acajKKka5v7lPVi5apw0TJll3FfP+3eAggkafJ5+bJFz NAnPiLChAaPF7D1rAmGD/bunQTzBBWS3JRmESGWbL+NArAKcygA8WPeB2wtTeDEDA3nc MDhz2pgYhMp2jLZdKGPgLCM6rraKZ2Yb6x/LKTjuR98Lcoru3u168U9IVOZhh72xglcI 7bk4/vBlLYujVTAttKg6LUN34eCck6fzhXC8I3BI+W/kWuwbP7S1NVoaMaL8MPfTstYl POig==
In-reply-to: <54F51F38.30902@xxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <54F506C7.6020202@xxxxxxxxxxx> <CALoT2zYkwUEguD-bN+hsePTK8a+G=HRWju6s3yGtiQA5+G5Waw@xxxxxxxxxxxxxx> <54F51F38.30902@xxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

It seems like the only way this scheme could work is if the directories
remembered which services had issued revocations, making compromises
expensive for the whole network and opening the door for denial-of-service
attacks that effect hidden services as a whole.

I would counter propose that you set up a Twitter account which tweets
about the status of your hidden service, where you could make an emergency
announcement. Perhaps you could have a passcode required to enter the site
that changes on a daily basis and is announced from twitter, so that your
users get in the habit of checking twitter before logging in to your site.

On Mon, Mar 2, 2015 at 6:40 PM, Adrien Johnson <adrienj@xxxxxxxxxxx> wrote:

> Deleting your key and taking down your service would prevent further
> compromise of your system, but if your private key was already stolen, it
> wouldn't stop an attacker from continuing to announce your key and running
> an imposter service.
>
> --
> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Revoking a hidden service key
  - From: Adrien Johnson

References:
- [tor-talk] Revoking a hidden service key
  - From: Adrien Johnson
- Re: [tor-talk] Revoking a hidden service key
  - From: michael ball
- Re: [tor-talk] Revoking a hidden service key
  - From: Adrien Johnson

Prev by Author: Re: [tor-talk] Fixing the problem of sending email from Tor: Proof of Work based system
Next by Author: Re: [tor-talk] Obfsproxy: Multiple ServerTransportListenAddr lines & obfs4
Previous by thread: Re: [tor-talk] Revoking a hidden service key
Next by thread: Re: [tor-talk] Revoking a hidden service key
Index(es):
- Author
- Thread