
Re: Hidden service question
On Wed, Mar 22, 2006 at 02:25:13PM -0500, Geoffrey Goodell wrote:
> On Wed, Mar 22, 2006 at 02:14:25PM -0500, Paul Syverson wrote:
> > Still incomplete and a little off. The node the hidden service sets
> > up is called an introduction point. The client creates a circuit to
> > a separate rendezvous point, then sets up a circuit to the introduction
> > point and sends information about the rendezvous point down that.
> 
> Right, but the server may opt to not build circuits to particular
> rendezvous points, resulting in some degree of control over what those
> points are.  (The point of my incompleteness was to avoid the details
> associated with introduction points, but thank you for clarifying it.)
> 

Absolutely. We're each trying to avoid too many details. (Guess at
least I'm failing there.)  The hidden server can decide whether it
wants to talk to the client or not. There are options in the code, but
nothing yet implemented, that allow the client to authenticate to the
server (when it doesn't want to be anonymous from the hidden server,
although perhaps from external observers).

>  It
> seems that with the architecture described above, clients should be able
> to *be* RP, and therefore have a way of specifying that they do not want
> client anonymity but just want to be able to access anonymous services.
> 

Of course this implies no anonymity from either the HS or a network
observer. Just as you should not limit use of Tor only to the cases when
you're browsing to sensitive sites (lest you flag when that is
happening), you don't want to only use Tor when you're browsing to
sensitive hidden sites.

> > > - Client anonymity only: a way for servers to advertise themselves
> > > without anonymity (e.g. a web service running at http://router.exit/,
> > > for situations in which the service does not want anonymity per se but
> > > wants people to connect via Tor, perhaps for the purpose of providing
> > > consistently reachable service from behind a NAT / firewall / dynamic
> > > address.)
> > > 
> 
> > Yep. Actually several variants currently being considered.
> 
> Why not just use the router.exit syntax to refer to 'unhidden' services,
> out of curiosity?  That approach seems to work already...

I agree. I just meant variants on hidden service protocol
design and configuration in general.

aloha,
Paul
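The introduction-point / rendezvous-point flow described in the thread, and the service-side choice of whether to build to a given rendezvous point (plus the not-yet-implemented client authentication option Paul mentions), as an added abstract model that is not part of the original thread or of Tor's code. Message shapes, the `trusted_rps` policy and the `authorized_clients` set are assumptions for illustration, not Tor's actual cell formats.

```python
# Added example: abstract model of the hidden-service rendezvous flow.
# The policy fields and message shapes are assumptions, not Tor's real protocol.
import secrets
from dataclasses import dataclass, field


@dataclass
class RendezvousPoint:
    name: str
    waiting: dict = field(default_factory=dict)   # cookie -> client circuit id
    joined: list = field(default_factory=list)    # (client_circ, service_circ)

    def establish(self, client_circ: str, cookie: bytes) -> None:
        # Client builds a circuit here first and parks a one-time cookie.
        self.waiting[cookie] = client_circ

    def rendezvous(self, service_circ: str, cookie: bytes) -> bool:
        # Service arrives with the same cookie; the RP splices the two circuits.
        client_circ = self.waiting.pop(cookie, None)
        if client_circ is None:
            return False
        self.joined.append((client_circ, service_circ))
        return True


@dataclass
class HiddenService:
    trusted_rps: set                       # assumed policy: RPs it will build to
    require_client_auth: bool = False      # the "option in the code" from the thread
    authorized_clients: set = field(default_factory=set)

    def on_introduce(self, rp: RendezvousPoint, cookie: bytes, client_id=None) -> bool:
        # Arrives via the introduction point; the service decides whether to talk
        # to this client at all, which is the thread's point about server control.
        if rp.name not in self.trusted_rps:
            return False
        if self.require_client_auth and client_id not in self.authorized_clients:
            return False
        return rp.rendezvous(f"svc->{rp.name}", cookie)


def client_connect(service: HiddenService, rp: RendezvousPoint, client_id=None) -> bool:
    cookie = secrets.token_bytes(20)
    rp.establish(f"client->{rp.name}", cookie)        # step 1: circuit to the RP
    # step 2: circuit to the introduction point; send RP info + cookie down it
    return service.on_introduce(rp, cookie, client_id)
```

A declined rendezvous leaves the client's cookie parked at the RP with no service circuit ever joining it, which is what the client observes when the service opts out.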