Re: [tor-bugs] #17957 [Tor]: Detect stolen onion service key
#17957: Detect stolen onion service key
--------------------------------+------------------------------------
Reporter: ess2 | Owner:
Type: enhancement | Status: new
Priority: Medium | Milestone: Tor: 0.2.8.x-final
Component: Tor | Version:
Severity: Normal | Resolution:
Keywords: hs key-observatory | Actual Points:
Parent ID: #17242 | Points:
Sponsor: |
--------------------------------+------------------------------------
Changes (by teor):
* keywords: .onion hidden service => hs key-observatory
* parent: => #17242
* milestone: => Tor: 0.2.8.x-final
Comment:
Tor already has a field for this, each hidden service descriptor has a
monotonically strictly increasing sequence number.
Descriptors created using a stolen key are somewhat more likely to be
rejected in the first period, if set up naïvely. The newly created hidden
service will use a sequence number of 1, whereas the existing hidden
service will have incremented for each descriptor change in the period.
If we randomised the sequence number, a hidden service could check that
the descriptor corresponds to the sequence number it posted.
Alternately, the hidden service could check the hash of the descriptor
against the one it posted.
Either of these schemes would have to allow for OnionBalance and similar
load-balancing schemes.
A (python-based) ControlPort client could do these checks, maybe that
would be the best way to implement this feature.
(See also proposal 224 tickets like #17242.)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17957#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
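
The two checks proposed in the comment above (sequence number and descriptor hash), with an allowance for a second legitimate publisher such as a load balancer, can be sketched as follows. This is an added example, not code from the ticket or from Tor: `PostedLog`, `classify` and `scan` are hypothetical names, the descriptors are constructed byte strings, and obtaining the observed descriptor (for instance through a ControlPort client) is assumed to happen elsewhere.

```python
import hashlib

def digest(descriptor: bytes) -> str:
    """SHA-256 over the descriptor bytes exactly as they were posted."""
    return hashlib.sha256(descriptor).hexdigest()

class PostedLog:
    """Descriptors posted by legitimate publishers: digest -> (seq, publisher)."""

    def __init__(self):
        self.posted = {}

    def record(self, descriptor: bytes, seq: int, publisher: str) -> None:
        self.posted[digest(descriptor)] = (seq, publisher)

    def classify(self, observed: bytes, observed_seq: int) -> str:
        entry = self.posted.get(digest(observed))
        if entry is not None:
            return "ok:" + entry[1]             # byte-for-byte one of ours
        if any(seq == observed_seq for seq, _ in self.posted.values()):
            return "alert:content-differs"      # our sequence number, other content
        return "alert:unknown-sequence-number"  # nobody we trust posted this

def scan(log, observations):
    """Classify every (descriptor, seq) pair seen at the directories."""
    return [log.classify(desc, seq) for desc, seq in observations]

# Constructed sample data: opaque byte strings stand in for real descriptors,
# and the sequence numbers are arbitrary randomised values.
LOG = PostedLog()
LOG.record(b"constructed-descriptor-from-service", 482913, "service")
LOG.record(b"constructed-descriptor-from-balancer", 771204, "load-balancer")

OBSERVED = [
    (b"constructed-descriptor-from-service", 482913),
    (b"constructed-descriptor-from-balancer", 771204),
    (b"constructed-descriptor-from-key-thief", 1),
    (b"constructed-descriptor-replayed-seq", 482913),
]

if __name__ == "__main__":
    for (desc, seq), verdict in zip(OBSERVED, scan(LOG, OBSERVED)):
        print(seq, verdict)
```

Every legitimate publisher has to feed the same log; otherwise a load balancer's descriptors would be reported as foreign.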