[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #17239 [Tor]: Implement new key blinding scheme for proposal 224

Subject: Re: [tor-bugs] #17239 [Tor]: Implement new key blinding scheme for proposal 224
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Thu, 19 Nov 2015 15:30:07 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 19 Nov 2015 10:30:17 -0500
In-reply-to: <047.dc027e1b52b5229c480f27be6e3d5bb0@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <047.dc027e1b52b5229c480f27be6e3d5bb0@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#17239: Implement new key blinding scheme for proposal 224
-------------------------+------------------------------
 Reporter:  dgoulet      |          Owner:
     Type:  enhancement  |         Status:  new
 Priority:  Medium       |      Milestone:  Tor: 0.2.???
Component:  Tor          |        Version:
 Severity:  Normal       |     Resolution:
 Keywords:  tor-hs       |  Actual Points:
Parent ID:  #12424       |         Points:  large
  Sponsor:               |
-------------------------+------------------------------

Comment (by teor):

 Replying to [comment:3 teor]:
 > We send the same blinded key to each HSDir, and use it to encrypt the
 payload.
 >
 > This allows the HSDir to descrypt the descriptor, which seems
 dangerous/unnecessary.

 I made a mistake here, the HSDir actually needs the subcredential to
 decrypt, which is derived from the credential.

 So this is what we're doing already with the separate subcredential
 (encryption) and blinded public key (retrieval):

 > * use a different blinded key for retrieval and encryption,

 But using different blinded keys per replica means that replicas can't
 find each other.

 Also, what if replicas overlap? We could end up with just 3 HSDirs for a
 service.

 I'll send a patch in the morning addressing these issues and those in
 #17242.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17239#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #16940 [Tor Browser]: Implement loading (only) local change notes after a Tor Browser update
Next by Author: Re: [tor-bugs] #17590 [Tor]: Decouple connection_ap_handshake_attach_circuit from nearly everything.
Previous by thread: Re: [tor-bugs] #17239 [Tor]: Implement new key blinding scheme for proposal 224
Next by thread: Re: [tor-bugs] #17239 [Tor]: Implement new key blinding scheme for proposal 224
Index(es):
- Author
- Thread