
Re: [tor-dev] How to query HS hostname from control port



On 09/05/2016 12:43 AM, meejah wrote:
> Could you use ADD_ONION instead? Why are you using the on-disk API if
> you don't want to give your thing permission to read those directories?

I'll consider it, but I want the onion service to be relatively
permanent. It would be best if the hostname didn't change every time tor
restarted.

> I also don't see why you'd give something permission to use the
> control-port, but *not* permission to read hostname/private_key
> files...?

I'd just rather not risk unnecessary exposure of private keys. The
software doesn't need the key, so I'm risking compromise just to do
private -> public -> hostname; I'd rather query the hostname directly.
I'm using cookie authentication and both tor and onions-server have a
copy of the cookie file. This way I can set up IPC between them in a
more secure manner and they can each run as a separate user.

> (p.s. I can't reach http://onions55e7yam27n.onion/)

Nothing is online at the moment. I'll make a separate post once
everything is ready.

-- 
Jesse V


_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev