
Re: [tor-dev] prop224: Ditching key blinding for shorter onion addresses



On Fri, Jul 29, 2016 at 11:26 AM, George Kadianakis
<desnacked@xxxxxxxxxx> wrote:
> So basically in this scheme, HSDirs won't be able to verify the signatures of
> received descriptors.
>
> The obvious question here is, is this a problem?

I'm not sure I fully understand, so here's a couple of quick questions
before I look more deeply.  (I'm assuming that descriptors are indexed
by their ephemeral address here.  If that's wrong and they're indexed
by something other than the ephemeral address, my analysis is wrong.)


1) In your scheme, how does descriptor replacement work?  In the
current scheme, if my introduction points change, I can upload a new
descriptor.  In this scheme, it seems that either _anyone_ can upload
a new descriptor with the same ephemeral address (which is insecure),
or descriptors cannot be replaced (which is problematic).

2) Even if descriptors can't be replaced, there's still a problem:
What stops an attacker from racing the hidden service to try to upload
their own competing descriptor with the same ephemeral address?
-- 
Nick
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev