[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Onioncat and Tor Hidden Services V3

"Bernhard R. Fischer" <bf@xxxxxxxxxxxxxxxx> writes:

> On 02.12.19 09:55, grarpamp wrote:
>> Either HSv2 support must not be allowed to go away,
>> or onioncat must be made to work with HSv3.
>> Otherwise tor permanently loses a major onionland capability.
> Definitely.
> For v3 to integrate smoothly into OnionCat (and similar services), any
> kind of external mapping database is necessary (as I already mentioned
> in an earlier post).

Hello there,

I appreciate your excitement about onioncat and sympathize with your
frustration about support going away.

I'd like to find a way to keep on supporting this use case but these
things are not easy. They are actually quite hard:

> I suggest 2 possible options:
> 1) Integrate v2->v3 lookup mechanism (I call it hs descriptor v2a) into
> the HS directory. It should be like a v2 descriptor, but containing the
> v3 public id and being signed by the v3 key, which is found in the
> according v3 desriptor.

A v2 descriptor cannot be signed by a v3 key, because a v2 descriptors
needs an RSA signature and v3 keys are ed25519.

This means that v2a would be a brand new descriptor type, which means
tons of engineering work (but we already knew that because the lookup
algorithm below is also tons of work).

At that point it doesn't make sense to call it v2a, you can just call it
OnionCatDescriptor. OnionCatDescriptor is a document that can be fetched
and verified using the entropy available in an IPv6 onioncat address and
somehow redirects you to a v3 descriptor.

I know I said that this is tons of work, but everything is tons of work
in this life, so if you want to proceed with this project, the next step
would be to write a proper Tor proposal on how this would work, then
post it in this list and let the fun begin.

As a final note and as my personal opinion, I don't think onioncat
support is gonna stop v2 deprecation. v2 addresses are 80-bit and can be
literally brute-forced and impersonated with the current human
technology, so their deprecation is already too late.

tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to