[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] trusting .onion services

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] trusting .onion services
From: Oskar Wendel <o.wendel@xxxxx>
Date: Wed, 20 Jan 2016 22:29:51 +0000 (UTC)
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 20 Jan 2016 17:30:16 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <20160116212250.GA14827@xxxxxxxxxxxx> <n7p00n$ia8$1@xxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Oskar Wendel <o.wendel@xxxxx>:

I already see some flaws in my solution, so forgive me for answering 
myself.

> 2. HS owner creates the "revocation message" for the onion address, signs 
> it with his key and submits it to the DHT the same way a HS descriptor 
> is uploaded

I think it should be done by Tor after putting a directive in torrc below 
HiddenServiceDir. Something like:

HiddenServiceDir /some/dir
HiddenServiceRevoke 1

> 3. This revocation message, once received and confirmed that it belongs to 
> the owner of the specified onion address, cannot be cancelled or undone. 
> The address is marked as "bad" forever. Alternatively, to avoid cloggering 
> the network, it could be marked as "bad" only for a certain amount of 
> time (a year?) and during the validity period, the owner should reissue 
> a new revocation message, or else it will expire

Better idea would be to publish it exactly as HS descriptors are 
published. I don't know the validity period of a HS descriptor, but it 
should be periodically refreshed as long as Tor is running (just like HS 
descriptors are - are they?)

Of course only one Tor instance would be sufficient to revoke all HS 
descriptors, published by the attacker who stole the key.

Of course, the attacker could post his own revocation message, but he 
would only do everyone the favor by doing so.

> 5. When client tries to download a HS descriptor from a HSDir relay, it 
> will receive the descriptor, but it will also receive the revocation 
> message
> 
> Now it all depends on the client:
> 
> 1. Client too old to understand revocation message will ignore the message 
> and connect anyway

Maybe it would be better to check client version (does it send its version 
when asking for HS descriptor?) and in case the client is too old and a 
valid revocation message exists, refuse sending this HS descriptor.

> 2. Client with a default configuration will verify the signature of the HS 
> revocation message and if valid, will refuse to build circuit to HS 
> introduction point (and log this information)

The signature should always be valid, as it is checked by the HSDir relay, 
but the client should do its check anyway (because HSDir relay could be 
malicious).

> 3. Client with a special configuration flag set (IgnoreHSRevocations or 
> something like that) could log the revocation message, but build circuit 
> anyway, at the client owner risk

Of course logging with the usual "[scrubbed].onion" text.

> 1. What if Tor on HSDir relays is too old? They won't process this message 
> properly. Maybe we should have a new flag for revocation message directory 
> relays and use it instead?

Bad idea, as all clients would then need a separate circuit to the 
revocation directory just to check the revocation message and it would 
slow down connecting to all hidden services.

What do you all think?

- -- 
Oskar Wendel, o.wendel@xxxxxxxxxxxxxxxxx
Pubkey: https://pgp.mit.edu/pks/lookup?search=0x6690CC52318DB84C
Fingerprint: C8C4 B75C BB72 36FB 94B4 925C 6690 CC52 318D B84C
-----BEGIN PGP SIGNATURE-----

iQEcBAEBAgAGBQJWoApcAAoJEGaQzFIxjbhMb/sH/08/J4znYNQtvGkt7HqMaopJ
5Yl7lFTHMa+dI2Z1zsdvbdquJ6Vu4IVPnb5Ze9ak2FKnz1l29FOp1YcfsVAGD0WE
M7RmrYVsUA8apYz87oPdzX1jyO8PKi7gPv/B0OFW01V894DAEHZP3RuEkIdYUnwi
gKLl5taafE8xQwI7sFXtyY3vwpT8sWrrvYqeL/+bPVCTgaG68ZU/62FYTgRyduzo
PSyyeEV7ahgvlU6wyBnOd81jSkpqXTf9pmTaVoC5VhVwOJAfCfENef+Eb1FJGNI0
4cgeFiTJG8J/U9CtLjdTtfHJjWrHlYMn1mDTHsx72gpaqU/ASuHyaEUtn78sMWc=
=ztKe
-----END PGP SIGNATURE-----

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] trusting .onion services
  - From: Mirimir

References:
- [tor-talk] trusting .onion services
  - From: Rejo Zenger
- Re: [tor-talk] trusting .onion services
  - From: Oskar Wendel

Prev by Author: Re: [tor-talk] trusting .onion services
Next by Author: [tor-talk] Using VPN less safe?
Previous by thread: Re: [tor-talk] trusting .onion services
Next by thread: Re: [tor-talk] trusting .onion services
Index(es):
- Author
- Thread