[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #3507 [Tor Hidden Services]: Allow tor hidden services to delegate to operational public keys



#3507: Allow tor hidden services to delegate to operational public keys
---------------------------------+------------------------------------------
 Reporter:  pde                  |          Owner:  rransom
     Type:  enhancement          |         Status:  new    
 Priority:  normal               |      Milestone:         
Component:  Tor Hidden Services  |        Version:         
 Keywords:                       |         Parent:         
   Points:                       |   Actualpoints:         
---------------------------------+------------------------------------------

Comment(by pde):

 Under scheme (1), where the hidden service key is airgapped, and a set of
 pre-computed, signed descriptors for the operational key is stored on the
 operational server, the tricky question is "how large should that pre-
 computed set of descriptors be?".

 If it's small, the service operator will have to frequently use their
 airgapped system to make new descriptors and install them on the
 operational system.

 If it's large, then an attacker who compromises the operational system
 will be able to keep control (or at least partial control?) of the hidden
 service for an extended period of time.

 Designs (2) and (3) have the virtue that the operator does not need to
 ferry data between their airgapped and operational systems, unless and
 until the operational system is compromised.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3507#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs