[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] trusting .onion services

++ 20/01/16 21:59 +0000 - Oskar Wendel:
>> [2] OK. Not entirely true, maybe. It may be possible to include those
>> key in some listing of the directory authorities marking them as bad
>> nodes. This is a manual process.
>There should be a possibility to automate this process. Something like...

Yes. Just to make sure: this would solve only the problem that a key of 
HS may become compromised and some way of revocation should be 
available. It doesn't solve the other issues (as, making sure that some 
key actually does belong to the intended/expected owner).

>1. HS owner realizes that his HS key has been stolen (but he still has 
>his copy)
>2. HS owner creates the "revocation message" for the onion address, signs 
>it with his key and submits it to the DHT the same way a HS descriptor 
>is uploaded

The owner could create the revocation message right away and store it 
somewhere safe, just to make sure that if the key is stolen ánd deleted, 
the owner can still create a revocation certificate.

Rejo Zenger
E rejo@xxxxxxxxx | P +31(0)639642738 | W https://rejo.zenger.nl  
T @rejozenger | J rejo@xxxxxxxxx

OpenPGP   1FBF 7B37 6537 68B1 2532  A4CB 0994 0946 21DB EFD4
XMPP OTR  271A 9186 AFBC 8124 18CF  4BE2 E000 E708 F811 5ACF
Signal    05 EB 38 5C 01 0B 55 6A 19 69 E1 EF C2 99 89 EC 9C
          E4 88 3C 6F E3 7D 58 61 9B 32 E8 DB 9F ED 1B 2A

Attachment: signature.asc
Description: PGP signature

tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to