[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Improved HS key management

To: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk@xxxxxxxxxxxxxxxxxxxx>
Subject: Re: [tor-talk] Improved HS key management
From: Gregory Maxwell <gmaxwell@xxxxxxxxx>
Date: Sat, 28 Dec 2013 15:13:34 -0800
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 28 Dec 2013 18:26:16 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; bh=KOC6srfaT4dthSjVtsvVa1FDUd6Tfz3KvkUI7ixnbZw=; b=f+M/H0uVWaH8Bioft+P/3DbNwnX9027X4FEe3Fff+Tf9ZpYTR/oj8UyzeJz8c3iXfz wvzTvrTiqNa0GmZcCBGbr7d6GywUdy5lAGlPgWPdIGCFSEHnDbiGIUhEteYnRWWqUf4v CRR/s1CpsawtnUHLlV3b/TX/c+GMkODByj/EhsJYTNonAUbw93MThOlPM+RGFNeS2KLx 9uk9W0VsVMdzuUu1Buw8RCKL6yKSKTU6BiAb51CaoqsOuSW5jSNImyEKI8CIVpqpyjXb M5tz2awE8xwC2m36EDw0xGMh/lr7nTPaZ+DVBIy/NP5GWr+LMYhNe8O6Fgjsh2/CNXvA 5WCA==
In-reply-to: <CAD2Ti2_5Ojk2G5BUb+jwdtRfoawiTRqdnq_0Yu9FYb6xjohDPw@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <CAAS2fgT3y+0eCbPvri8jhCz_8SASuZWep+Kxk1QD8ou80MAEug@xxxxxxxxxxxxxx> <CAD2Ti2_5Ojk2G5BUb+jwdtRfoawiTRqdnq_0Yu9FYb6xjohDPw@xxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

On Sat, Dec 28, 2013 at 1:15 PM, grarpamp <grarpamp@xxxxxxxxx> wrote:
> On Sat, Dec 28, 2013 at 6:46 AM, Gregory Maxwell <gmaxwell@xxxxxxxxx> wrote:
>> One of the current unfortunate properties of hidden services is that
>> the identity of the hidden service is its public key (or the
>
>> This is pretty bad for prudent key managementâ the key is very high
>> value because its difficult to change, and then stuck always online
>
> It's not difficult to change, you just change it.
> I'm pretty sure there's a ticket open involving most of this key
> management stuff, you could add any missing concepts to it.
> It's been on the list before too. And there's a second gen draft
> proposal on tor-dev/torspec.

It absolutely is difficult to changeâ you can only "just change it" if
no one uses it.  Otherwise you're chasing people to change addresses
on websites and in software, and the static addresses in people's
bookmarks are vulnerabilitiesâ both if the key falls into an attackers
hands but also because if users become used to the URL just changing
they'll believe it when an attacker DOS attacks the URL while
publishing a new one. Copies of the old name lurk around for years
hitting unsuspecting people, etc.

Sure, it's not the end of the world. Life goes on, and even with good
key management possible, many won't use it.
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- [tor-talk] Improved HS key management
  - From: Gregory Maxwell
- Re: [tor-talk] Improved HS key management
  - From: grarpamp

Prev by Author: [tor-talk] Vanity onion attacks
Next by Author: Re: [tor-talk] Request for "Tor, king of anonymity" graphic
Previous by thread: Re: [tor-talk] Improved HS key management
Next by thread: Re: [tor-talk] Improved HS key management
Index(es):
- Author
- Thread