Re: [tor-bugs] #3507 [Tor Hidden Services]: Allow tor hidden services to delegate to operational public keys
#3507: Allow tor hidden services to delegate to operational public keys
---------------------------------+------------------------------------------
Reporter: pde | Owner: rransom
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Tor Hidden Services | Version:
Keywords: | Parent:
Points: | Actualpoints:
---------------------------------+------------------------------------------
Comment(by rransom):
Replying to [comment:2 pde]:
> One significant design decision when implementing this feature will be
> how to handle rollovers in the operational key. Three types of solutions
> would be (1) delegations that expire after a standard period of time; (2)
> having the client poll for revocations; (3) letting the hidden service key
> push revocations.
>
> (3) sounds most elegant but I don't understand the hidden service
> descriptor DHT sufficiently to know whether it could be implemented in an
> easy and reliable way.
>
> (1) is a total pain for hidden service operators that should be avoided
> if possible.
>
> One way that (2) could be implemented is that hidden service descriptors
> could include a second, ordinary .onion address that may be polled for
> revocation information.
Our current HSDir system stores hidden service descriptors only in memory,
and only for up to 48 hours (normally only about 24 hours, and I wouldn't
count on being able to republish the same descriptor for more than about
12 hours). The only option that might be backwards-compatible with our
current HS directory system is (1), and that's not actually so bad (you
would need only one or two pre-computed signed descriptors for each
12-hour period).
I'm inclined to stick with (1) even when we design a new HS protocol and
directory system -- the space cost for enough information to reconstitute
a “delegation certificate” should be quite tiny.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3507#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online