Re: [tor-bugs] #28275 [Core Tor/Tor]: hs-v3: Rotate intro points and close RP circuits when removing client auth service side
#28275: hs-v3: Rotate intro points and close RP circuits when removing client auth
service side
------------------------------+------------------------------------
 Reporter:  dgoulet           |          Owner:  (none)
     Type:  defect            |         Status:  new
 Priority:  Very High         |      Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor      |        Version:  Tor: 0.3.5.1-alpha
 Severity:  Normal            |     Resolution:
 Keywords:  security, tor-hs  |  Actual Points:
Parent ID:                    |         Points:
 Reviewer:                    |        Sponsor:
------------------------------+------------------------------------
Comment (by arma):

For the "cutting all RP circuits" side, compare to how we handle changes
in ExitPolicy, or how we handle changes to SocksPolicy: the config change
only impacts how we respond to new requests. That is, we don't cut
existing exit connections when the exit policy changes, or existing socks
connections when the socks policy changes. As an even more extreme
example, I think we leave OR and exit connections as-is when ORPort gets
disabled too. All of these config options focus on how we will treat new
requests.

As for the "rotating intro points" side, I haven't kept up on the auth
design here, but I just looked through rend-spec-v3.txt. It looks like
there are two components to the client auth -- one is whether the client
can decrypt the descriptor (to learn the intro points), and the other is
whether the client can prove that it's authorized in the INTRODUCE1 cell?
I'm tempted to try to solve this one by defining "revoke" to focus on that
second component. I also wish we had actual use cases for this client auth
design, so we wouldn't be left trying to debate over what future
hypothetical users would want the system to do.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28275#comment:4>