[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] trusting .onion services

On 01/20/2016 03:29 PM, Oskar Wendel wrote:

<snipped many great thoughts about revoking HS descriptors via HSDirs>

> What do you all think?

I agree that HSDirs are the places to handle this. The network already
trusts them not to MitM connections, and send users to malicious HS,
right? And I presume that there is testing for dishonest HSDirs. If not,
there should be.

It would be safest, I think, to simply delete HS descriptors upon
receipt of a valid revocation message, signed by the private key. As
long as operators backup private keys, they can always revoke them. It's
true that adversaries could revoke HS descriptors after stealing private
keys. However, having the site unreachable is arguably the safest
outcome after key compromise.

Private HS keys are often vulnerable, virtually unprotected in remote
hosts. So it's risky to rely on them alone for verifying revocation
messages. However, one could add the option of supplying public GnuPG
keys to HSDirs, signed by HS keys. There could be a time limit on that,
so that it won't become an attack vector. Then HSDirs would require
revocation messages signed by both private HS and GnuPG keys.

It would also be necessary to propagate signed revocation messages among
HSDirs. Each HSDir would check signatures. There's still the risk that
malicious HSDirs would ignore revocation messages. That would require
checking by peers.


tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to