[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Onioncat and Tor Hidden Services V3

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Onioncat and Tor Hidden Services V3
From: "Bernhard R. Fischer" <bf@xxxxxxxxxxxxxxxx>
Date: Sun, 15 Sep 2019 10:00:26 +0200
Autocrypt: addr=bf@xxxxxxxxxxxxxxxx; keydata= mQINBFaJlioBEAC2Wb12G8cG9bo9D2qd8EEZrTcwLmJbeSUk8znzwgQXpHLzCF6/pc9cWYzo Q0X3Mer3lKDWlgPoxGLdmUOJ1VaUp+QtGrrAZuUoWVDPWxoKEOY7vWOzwo0YUKkAynfoO9oZ h7epluX9XITL0LUih1Z7H0TEGExQmJX6cirfC+O9+ljTuk3nlEKK2eEKKMpPPWNZ2iIEYHC1 QjTBPEbKW43wkpc3EGKRbWEivNxBZIDz2taW7axo74nTeg2Sbu4W1hm2WRqp46Ihg0T47Eat PMVe76XIqMaoRk7ChXTblVhSlj00x/7JBxt2frvcMaCKj8MjgtLUQq2ZGHDn+4Mwzjn2U9sm 1kJ6ACBWhe513RoohnVAb07vcZ9Pqb3CzL0yQqdiaoVUQSwQt/HM6U1ZBksdKHdc2p4GMrMB eRPxLEE7pNx3+U5+JEbMwc97dRtT7MycFYcOcaUPWFY8hd6+Lz7T4OwPIMeXJUN2MkuQJB++ 8YAkbdoCyCiMQF+LICq3tBQI0FVutGD21Uibju65oFdXKRlBvfgEteF/SCVu9PH+9Zh2aovN 7gbeVE35j5WuTk6hY4+DnpJTB/czERM1zPKP0CtdAjZpIBbVIKgWuoj8ioVLmo47FlbZJhoH OMe536SpJkEuBorNp8aU0xhl+BlXgxRfki/CH+UEIWOkkz+HTQARAQABtDFCZXJuaGFyZCBS LiBGaXNjaGVyIChFYWdsZSkgPGJmQGFiZW50ZXVlcmxhbmQuYXQ+iQI7BBMBAgAlAhsDBgsJ CAcDAgYVCAIJCgsEFgIDAQIeAQIXgAUCVo9vJQIZAQAKCRCb1gFmjiTynYYjD/9JLTVE6uTU bAydQ1mSLvEeq/MtjrONDGC6kOavma5rdP0EEMXA0efYM7WjP3slYgvSgF+KoXv6STNYCiPt xz+3FK0paUan3xvmPPpBd1C9faH9ZIhNQjDAOGZqqEtul6INETcWFL1ADe/g5juz/nOc8ogq DAAEW7HeqmLYMW3V3iqBMkrWKvZ+2dI5vC0mrFBps2GMBs4Ae72TM2qelGDZZXR353zUGEFu 84IFNUWlXvq4Thg613TVMZrA294Qb0SpLT+CZI4h7M8JkGTlJNYY+ayoVQ7ze/43ylrXqNiP PTj2S+iLypo9s7QsNSYGO6GH/1emn0yChWJUUkyuR/u3ilSbDo6sarPiJH5dKBsOX9h6u7DI KvxSQDprDGREsxxQ53FKCKiUtypY24lcJFBmZEkDOhErcjb+OrVygNeCDm7qH/DBXRObVYuI K2NoBrXZPQZBQkPr+f/pYs5209GBNFXtRMnXORJc5N+a1+USiQWXr02XyXD65KAMLcTt4ueo AlbgkUYxZgvcOpMMd0E4n6rOsYzVHxRf5ALy/dO6x572rOC2OcJo/Tnbyb00LKdNisrVF5I7 TzGrff91ZvybxjqkGMJxPv6+6gJ8yf5AIN/V9ExNNX/Z5ZWKXoM2HKHWv9dRUsTYSQq5jHQO sfhKZO1C+kvVLVCEFhsInrOj9rkCDQRWiZYqARAAvXAjfNw47Dt9o68j8U9Mv1sZKBL2k7CU ul0/vD/sxH/6oVZL9w38afzqgTl6H9nHUWPSUEKG9kw4DthC4kLm2wwEwakuRonprq//p3WI qwHEA6epqjlku4/oKSadiuvnnNH2OXVPCIf7ALYkZPc7JnnjhM2d0a5VGxQwIyU15OJc+mYP p8aoP8QwIoZvpWjxt2CJtSpHWidpbOPeXcg38j8myginL+nEUeSwVRQowQ3GHMd50zhbLg6Y RCPUTa09ekuVc8N3tUCEl3NISLwfS+S8cGKfkCQZ6ecBgxq3C4Vj++Ubks/tKmslIySlEIf7 xeiLz2yJkOHQeCRxNiOSbATWePL1v1LeymBgEqnzpeRdfnDsKK2saF41mlviQlkZcoHQE/KS 6qovyPtEoVwAl1XAGyc9pWa4k7Q6tJRT9hE6WSxQFxdzcIoDa9zQiawKtoHRNg1Y6hFnsVon +KUmGiM3y4tZBcyMFifQFB/UYCTCCr1RbgvGQNMrY6uqKro25dlTjTaGB8O5UXK5X126LttW tzRG1Z0k1uGPsMvUwg/xTriiOKUUkDCdcJ+ZzRK9R06APJUAbGmHeOZ2Ocl3S+1wDRy/5iBG azJ3gfG49LITRHd4KRmBxWTdhCvaoePPLV9Q3Bd4jMFVhVyduZG17/V5PAjTatvkvRF+wjlQ 4DsAEQEAAYkCHwQYAQIACQUCVomWKgIbDAAKCRCb1gFmjiTynYhVD/9EjHsZbc8sPoKGBqTZ uelUu+V9RbkVUBPToFLm3YztSkNsq+zfjDdOUUYb+XHqoCmwA4HCUbMCeP7XC8k3Nke0Um30 k73jMalj2q8FU5iYtjMGVv5yJwhbpo/7C4PiY5+mcvkhCRnfcQUiEgaZbg82RIVT6jOgQvgB US0biOeNAFqIvnHZpGwObrEI4Wh/61zDNuyVwkmKzuKD8Tf3tvWF7ZF3MR4tX3E1pKwdqrmL z6KOjYqwtpE1McHEWJIVDzxKtsPPbYW770duQMV0GReyAoGiZmLOz3eXDROxRGpXhxinjzZB djtztzI/Zbn7rtt4vWGARFrRIeMu9TUb6pa9ScPfxYBTetidWf5oVchvE2BPw0jCsK9gTPSK Cjqm/MoSWc8iRuiv1MXNUpQOZeeAKDh9k+EigPBJWdMJB/4yyaAuJsPTyHrNUbC7PSRgKEP/ +hjQSj5jfbfJxlcDZWKgyA+KT82XBw8uINozjk6HCa9TtKMETe1IHyW6sYHGw+ccfMRo7K29 z/wVHra2o/Lk6ma57MwDK2xJ1aYzRdA80GbknNLObJDQyIlbX9cdjWS8oAmhkUoQDuGQVMMt DPTPISvyd1mOnSfV3UcntTHcH8WQnBQNcmwsNQRzQLuzdG/YLN3tWHRD5/AbM1ALxSQ/0ZSM a9iRw0A0uWRxuMrGSg==
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 16 Sep 2019 05:08:38 -0400
In-reply-to: <CAD2Ti29cFGNPE8oW9s7wUkMEagx-zEh4oJNzhBgWHambcyMgsA@mail.gmail.com>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Openpgp: preference=signencrypt
References: <8995aacb-170c-cb54-6f29-adfe297b61e0@abenteuerland.at> <CAD2Ti29cFGNPE8oW9s7wUkMEagx-zEh4oJNzhBgWHambcyMgsA@mail.gmail.com>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0

On 13.09.19 00:27, grarpamp wrote:
> On 8/20/19, Bernhard R. Fischer <bf@xxxxxxxxxxxxxxxx> wrote:
>> I finally wrote a HOWTO on using OnionCat with v3 hidden services. I
>> also did some patches to OnionCat to have a better integration.
>>
>> https://www.onioncat.org/2019/08/onioncat-and-tor-hidden-services-v3/
> Thanks.
>
> Rather than tor killing off v2 onions and HSDirs from the
> codebase, thus ending all the good useful carefully chosen
> and even required reasons people still use v2 and onioncat
> (some of which can be found by searching list archives
> for onioncat, P2P, VoIP, add more uses here)...

The article shows, that it is possible to use OnionCat with HSv3,
although v3 kills the full automatic addressing method.

For having a full automatic addressing (i.e. association between v3-id
und IPv6) some kind of lookup mechanism is necessary. Although this
could theoretically be managed by DNS, this is NOT a solution because of
the well-known DNS leakage problem (and because the private network's
reverse delegations are not globally registered and would need some
workaround).

IMO a solution could be a HSv3-HSv2 compatibility system within the HS
directory let's call it HSv23.

I propose to create HSv23 entries in the HS dir, which are almost the
same as HSv2 but with an additional field including the HSv3-id and the
signature is created by the HSv3 key. The index (i.e. the onion-id) of
the HSv2a entry is an 80 bit truncated HSv3 id.

The lookup then works as follows:

1. Convert IPv6 to onion-id (80 bit)
2. Retreive the HSv23 entry of the HS dir
3. Retreive the HSv3 entry
4. Check signatures of HSv23 und HSv3 entry
5. Connect to HSv3 service

Recently, I also wrote an Security Considerations article on OnionCat
which also includes a short discussion of the Hsv2/Hsv3 security in
respect to OnionCat:
https://www.onioncat.org/2019/08/onioncat-security-considerations/

Best regards,
Bernhard

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Onioncat and Tor Hidden Services V3
  - From: grarpamp

References:
- Re: [tor-talk] Onioncat and Tor Hidden Services V3
  - From: grarpamp

Prev by Author: [tor-talk] Discover and move your coins by yourself - Browser version released
Next by Author: Re: [tor-talk] Does an Tor-friendly XMPP (Jabber) client exist?
Previous by thread: Re: [tor-talk] Onioncat and Tor Hidden Services V3
Next by thread: Re: [tor-talk] Onioncat and Tor Hidden Services V3
Index(es):
- Author
- Thread