[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-bugs] #8243 [Tor]: Getting the HSDir flag should require more effort
#8243: Getting the HSDir flag should require more effort
-------------------------------------+--------------------------------------
Reporter: arma | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Tor: 0.2.5.x-final
Component: Tor | Version:
Keywords: tor-auth needs-proposal | Parent:
Points: | Actualpoints:
-------------------------------------+--------------------------------------
When we invented the HSDir flag, our goal was to only use nodes for
storing hidden service descriptors if they're likely enough to be around
later. The question was solely around robustness: pick all but the nodes
that have a good chance of going away while your hidden service descriptor
is valid. We picked "has 25 hours of uptime" as what we hoped was an
adequate threshold to stand in for the real question, which is "will
likely remain online for the next hour".
But actually, there are security implications here too: an adversary who
can control all six hsdir points for a hidden service can censor it (or,
less bad, observe how many anonymous people access it).
So we should raise the bar for getting the HSDir flag, to raise the cost
to an adversary who tries the Sybil the network in order to control lots
of HSDir points.
That said, there's a contradiction here: the more restrictive we are about
who gets the HSDir flag, the more valuable it becomes to get it. At the
one extreme (our current choice), we give it to basically everybody, so
you have to get a lot of them before your attack matters. At the other
extreme, we could give it to our favorite 20 relays, and if we choose
wisely then basically no adversaries will get the HSDir flag. What are the
sweet spots in between?
(This ticket is inspired by rpw's upcoming Oakland paper)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8243>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs