Re: [tor-dev] Proposal xxx: Filtering malicious rendezvous points at hidden service server side

Subject: Re: [tor-dev] Proposal xxx: Filtering malicious rendezvous points at hidden service server side

From: Tim Wilson-Brown - teor <teor2345@xxxxxxxxx>

Date: Sun, 24 Jan 2016 10:51:04 +1100

Delivery-date: Sat, 23 Jan 2016 18:51:26 -0500

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:message-id :references:to; bh=Bxflz2ezNpx8lrodkxa9LdsZacBfBWGeuYzDA80iKEk=; b=FVSqOrgM/xcvKoX2hmATZqGbrUtrj067ncOJZH/EigQYbLIF4hboDGruOPo2Vxj4N7 ldwGdLhA9xksZwbpOWWXuI5mZonRzXwzSFpRyKQehcnDQAYwpp8FdCQ36RfEV836HkoR l9vzVQd3VJdJD3okh8tR0g7LvpDwfweiTvmxSgjtULjTzM69WhQFtHpLscQQQ1OJVSyT mrAj3NRZ9lwNaMZjH8iGDb5TiZ3kuwGZZebsjLnQXcz3f47Iiif8YBJytlCI9BZoMioJ WjZmxPicC5LBN+Au3G2fiWN6oMCZR625Mblz5ddHlJENPWb9loQtqhFHt38QLvtixaBn ndMQ==

In-reply-to: <56A3FE85.3070703@xxxxxxxxxx>

List-archive: <http://lists.torproject.org/pipermail/tor-dev/>

List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>

List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>

List-post: <mailto:tor-dev@lists.torproject.org>

List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>

List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>

References: <56A3F2B8.8080101@xxxxxxxxxx> <B786C55C-9FB2-485F-8F82-C1290C3C8198@xxxxxxxxx> <56A3FE85.3070703@xxxxxxxxxx>

Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx

Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

On 24 Jan 2016, at 09:28, s7r <s7r@xxxxxxxxxx> wrote:

> * This will break some Tor2Web installations, which deliberately
> choose rendezvous points on the same server or network for latency
> reasons. (Forcing Tor2Web installations to choose multiple RPs may
> be a worthwhile security tradeoff.)
>
Yes, but there is a HiddenServiceRendFilter 0 in the proposal for this
purpose and for RSOS services as well.

But that doesn't help clients to connect to every hidden service using

the same rendezvous points for every connection, unless every hidden

service sets HiddenServiceRendFilter 0.

Tor2Web instances are Tor clients that are configured as reverse proxies

to the entire Tor hidden service address space.

HiddenServiceRendFilter 0 only modifies the behaviour of one hidden

service with Tor2Web. But because Tor2Web is a client which is configured

to use the same rendezvous point(s) for every hidden service connection,

it will get banned if it connects to the same hidden service too many times.

Tim

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP 968F094B

teor at blah dot im
OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

_______________________________________________ tor-dev mailing list tor-dev@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev