Re: [tor-talk] Revoking a hidden service key



A solution might be to allow hidden service revocation descriptors to expire after a long time, and to be updated by the hidden service operator, but only as a new revocation descriptor which has a later expiration date. That way the Tor network can eventually forget about revoked hidden services which are no longer used and where the operator no longer feels there is a threat of impersonation.

On 2015-03-02 9:50 PM, Max Bond wrote:
It seems like the only way this scheme could work is if the directories
remembered which services had issued revocations, making compromises
expensive for the whole network and opening the door for denial-of-service
attacks that affect hidden services as a whole.

I would counter-propose that you set up a Twitter account which tweets
about the status of your hidden service, where you could make an emergency
announcement. Perhaps you could have a passcode required to enter the site
that changes on a daily basis and is announced from Twitter, so that your
users get in the habit of checking Twitter before logging in to your site.

On Mon, Mar 2, 2015 at 6:40 PM, Adrien Johnson <adrienj@xxxxxxxxxxx> wrote:

Deleting your key and taking down your service would prevent further
compromise of your system, but if your private key was already stolen, it
wouldn't stop an attacker from continuing to announce your key and running
an imposter service.

--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
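
The expiring-revocation idea at the top of this message, sketched as a directory-side cache. This is an added example, not code from the thread or from Tor: the `Revocation` fields, the `RevocationCache` class and the caller-supplied `verify` function are all hypothetical, because the thread defines no descriptor format or authentication method.

```python
from dataclasses import dataclass
from typing import Callable, Dict


@dataclass(frozen=True)
class Revocation:            # hypothetical descriptor layout
    service_id: str          # identifies the revoked hidden service key
    expires: int             # Unix time after which directories may forget it
    proof: bytes             # whatever authenticates the descriptor (assumed)


class RevocationCache:
    """Keeps one expiry per revoked service; expiry can only move later."""

    def __init__(self, verify: Callable[[Revocation], bool]):
        self._verify = verify            # authentication is out of scope here
        self._expiry: Dict[str, int] = {}

    def submit(self, rev: Revocation, now: int) -> str:
        if not self._verify(rev):
            return "rejected: not authenticated"
        if rev.expires <= now:
            return "rejected: already expired"
        # Only a later expiry replaces the stored one, so a replayed or
        # shorter descriptor cannot make the directory forget sooner.
        if rev.expires <= self._expiry.get(rev.service_id, 0):
            return "rejected: not later than stored expiry"
        self._expiry[rev.service_id] = rev.expires
        return "stored"

    def is_revoked(self, service_id: str, now: int) -> bool:
        return self._expiry.get(service_id, 0) > now

    def prune(self, now: int) -> int:
        """Forget revocations the operator stopped renewing; returns count."""
        stale = [s for s, exp in self._expiry.items() if exp <= now]
        for s in stale:
            del self._expiry[s]
        return len(stale)


def demo() -> list:
    # Constructed stand-in verifier and constructed descriptors, not real data.
    cache = RevocationCache(verify=lambda r: r.proof == b"constructed-valid")
    ok = b"constructed-valid"
    return [
        cache.submit(Revocation("svc-a", 1000, ok), now=100),  # first revocation
        cache.submit(Revocation("svc-a", 900, ok), now=200),   # shorter: refused
        cache.submit(Revocation("svc-a", 2000, ok), now=200),  # renewal
        cache.prune(now=2000),                                 # renewal lapsed
    ]
```

The cache holds one integer per revoked service, so the directory-side state in this sketch grows with the number of live revocations and shrinks again as operators stop renewing them.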
