[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-dev] HS v3 client authorization types

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-dev] HS v3 client authorization types
From: Suphanat Chunhapanya <haxx.pop@xxxxxxxxx>
Date: Sat, 28 Apr 2018 03:08:14 +0700
Autocrypt: addr=haxx.pop@xxxxxxxxx; prefer-encrypt=mutual; keydata= xsFNBFaU83wBEADElEh5UmB+WXTKh5zL1IrUNebyA/pOdNOjY3phosuG2Xdth76PMhvyPXVu /Jf8GWDuDXhMrAKTGBloUuqbLpQsj6BY2YhV7Tn1wEiSqXCJMK8NdwrQhkUWKiX/ioxL4r4R cP9IUtDKkSstLhU7vk+7TUdQFIw4Y+qsNT+IgOvqpxlkIdieYNfExOvzXB9aWtVPfbpZ32S/ zTfZ8LBNXV9jWwFrMPZTFh8Dc9wzYQ/ZQUg8OckNSHNCYPiY0/x3x/FW4abBSJ376fxdQJNt x6f9dnOL8KEhv670Vt4S/NnXSo+jW0lzoDgE3PhpchQ3EaD/CgEYGEiIa8tnHERGpVRvPzwc jw1j9Cp/nFJL4eNVO+oOk9Iorh2LLID1z8vU+hgtoZZHQBSh7Gv+CmaV6DYCKwVxKxZkLKdX LauaweS32ZORb/eTaruXhSGFLgNFwjgurbSLw3FtUIcz8k7n5T2sx00C6kffaH5fZ8q5vj15 w7+l1KI0qCRS8XGm4bcfimgToRD858qbdi1vEcgygzewzDtDex7NfElpcg3krgNZHcBmfRI2 BVNRmlZWjsQNZOp5OhC/XuPGmkSlsZFgymYxHl8rraNlJeobMDjN3XYXLOMFMTqptOoYmw54 Mr+cOnFAu9R0qReEjBXXrpeECMX/2F1DYvus9x/zAV8Mku8BZQARAQABzTNTdXBoYW5hdCBD aHVuaGFwYW55YSAoaGF4eHBvcCkgPGhheHgucG9wQGdtYWlsLmNvbT7CwXgEEwECACIFAlaU 83wCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEGyq803SvUvTjF4QALoBadnJdTyJ /EcsqMCxysiQOqZNeppf3X/g/GHLLn52Y0XPud9JRXQRkBvLU2ax62N4vGtKT0WXhWKG5bgf pkH6rIRzKgJYtS4oYx6TjDKIQPK5Zup2XvqLtyxmssLCwKKXYqMurC/Vmzywq5nidOgdjD17 tO8PWGoSb4pm8XKm4cudhOaU+mF1B0tshjedBb3vSYnZ1Dmy3qOBx672ahU/L7ArIqOmH9+k 0FdeuQIjA4u0FU+p+JUZRVisqIkQP/gVc+5W1k/QqQm5gGFAtxD5mQ3eDvicd2aQ10NFRlTQ PTuFUfiouvNs5W6scaunv1IugSIbJY8e2fBSNkX+bf1vV4RXLC9CpZ+8YJoXB34LJRvHgkQ7 obL5A82mOG9ayMst3mDbJS8ASfZhKSliyXfo+W4XkPoOoSBAN7Sms/ZjMRXIAulbN0n5Pp8y xuCV1tL3ti7NxpvJEeTRBRmTawM3yGohX8rZiOdOFKuPvRCuUHUauASLacse8iTHwR1hYzuQ 1mv4hXo6RvOG0EUPUjEIHIIS3yFatXrTVpVr9DcgF8Dw+L2VaIqDg07GnunEyJ45YTMeJ5YG ZNngMhtDMf/diMIf9TOpUBohyeGLris3Opz3hkvn4zyeri2fCDzYkOi7dsgtqYox9HdYKj7a 80IBVWIOdT5nkJ1apAe4COwPzsFNBFaU83wBEAC3oeIL6xvJGo0VBSGrmXkbGBh3Q/wK0GLz YFZqGGAl1UuAPDGd5t8Z2QA+SENhVV/GxHS4H1D/srBzK2evm0yRcfEpye1EtK1HbcjsvIw1 IRklnuRs3+6bc6vS4eOREbFAFwheBn06RYWDOzuoTldEj25jasoPOyaNgmGJU4E2dHQac8ZS xLrVMrdXjV+SYfvwX0igf7MVRwhY6i5guIrAOsatFlwelBcOrh3SaA94G+vD8XpgYzWIm82s iB2wNcpn8HIXtbI5bupqKu8gSOEzpT/nRjOBQTRdMcKewy6h9dGI7DpHigzHSfIc6isV3h4S qgNT9oMic0TU8hzRetLw8g6qpUjtHb5hHOB0vkRHXT5o5iMp527ORrS3JASMBZwGCiZASOhl fI/F2l4b2YI9A0Y7pQVekUX1Arbj6fknFvfxeSKvpeowyLIgwMUEqPs8P9Ud6MGLw70JmR7y 8uEAM+jm4FZwQBrAxb633+vZndYDEEBpUV+pdCTN61m34MBdvbckdNnfiT2+Or+YSOub7J/Y M1SqqL2JXrCJrjWay90kWWtmJjKWZKPBeyoQ6/jlLrXebp0XJUf7rq2HsbMfzCf+j0QqXhlg TyJmcRC254OwUerDnkfSJ3dYiOewEPQNg+wFOxU+DI9Q90XlScmkRFHQld2hxj/e1UFsJaAN rwARAQABwsFfBBgBAgAJBQJWlPN8AhsMAAoJEGyq803SvUvTITIQAIRXbk8nGboVP+ByBmJg IASX2d0/VjTdhoRSsDZOjdMYH6EC0JAFvmt73glqIiDAbXNJdG7Xu5dmWz5MhEH1KuP2huOK JjbKHFrGZpTbgDM0kmBM2KBDf10y/fxor0JDJJXKfT5GDylryNtmecoTTLW9uum+RqM4STga +FkSgPYvh+I3TVH6fmzMvYsosATmWaYamtMqefPc7g4s6hBGhMiGWdtEaRTd6NObbGlVVlQs vTmc6Qabs+43h21nJHEquwtz8JjJqH6CMcV2aWTQdmt+Vp+C0wIXRZEQsWChftvWMmzxcc0R zy+ls1SpJKDUraGqDYxUPQvWj4Fyo3OSQ6WMuxZjHuAbh6S6G/1iUPQkYn+GabuCymL+t5Tt AeLGWHbdZZI8fo/EzGcTbGOKGOyTyLb4hPRudqe0WUHzPJmcC1fDuHrql96XFpMZaBzdDz64 YldU5CtBfPZVfwahw/RgFTt89Lvh9GfXmuLzmZcrmf2N/yn//lINCEeVLgpg0jgfXwBKf+/+ 66cVNuI7pWtHFk5apS/BbDac5EwYJ8yCPBR1Jhu55UjldlwP3vEulwM5zDnaiUn+O3/7qwFd 8QE1lSHQPh5STdS7tWaqita0A3xJAPH4TTmUT7C3H3KVN54+gj4IcQRU0ecrz0wv6MXTdDVD 1HgnSerf7ksyjU/c
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 27 Apr 2018 16:08:48 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=to:from:subject:openpgp:autocrypt:message-id:date:user-agent :mime-version; bh=g27nfIvZhxqVrD7Qv+UiLn5JVdWqDg3wPaFcP8mc/FY=; b=uqT3BgPm2Fp9Te+3jSOhdKOwJPfCrEpjN0tWKWq/drAXX9u/qG3G3n1p1bIWL8bALm +iooxhBBA2if7czxWiBl4RoWHgCOTMVTK6HAW4qfLLV1bgBo2+hRoNX04qGkyLS1HEiB IPgaZpRqtp2kWZRceNozN9ZM5y2+Gh49hhPxPokHHppTMswM+2vpK1xIsq+X7iZmbYEA mI9d9kND5pRh0HBo67bY9A3x4qreWx2SzdKM4oU/5jC5VlGdjINIPy2wVubT/GEIbgvP ItHGu5Qphpg91bQQ25y8ijjNkNmo07iIMLIA2a3KqnbrlJqDdpDEO2wMxakGtJFOuB9p U9gg==
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
Openpgp: preference=signencrypt
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0

As I am currently implementing the client authorization for onion
service v3 (https://github.com/torproject/tor/pull/36), I found some
problems in how we should let the users configure the client auth for
their services.

Before getting into the problem, I will explain how it works first.

--
Each client will have two private keys to authenticate with the service.
One is x25519 key and the other is ed25519 key.

The x25519 one is used to decrypt the descriptor when the client wants
to access the service, so if the client is not authorized, it will never
know the introduction points, the intro auth keys, and so on, and then
it absolutely cannot access the service.

The ed25519 one is for another layer of authentication. Even if the
client can decrypt the descriptor using the x25519 private key, it still
need to have the ed25519 to authenticate itself directly to the service
using the extension field in INTRODUCE1 cell.

At first glance, it seems that the ed25519 one is not necessary because,
if the client is able to decrypt the descriptor, it already means the
client is already authenticated. Why do we need to have another layer of
authenticate?

The answer is that the ed25519 provides more find-grained access control
for example:
	
1) you could use it to revoke a client without the need to rotate all
the intro points and push new descriptor.
2) you can have more fine-grained control on your users and potentially
offer different types of access structure to different users using their
ed25519 keys as identifier.
--

The spec says that the client must have both keys and use both to
authenticate, but, for me, these two things are quite independent. I
think they can be considered two different authentication types. The
service should be able to enable one and disable the other. For example,
If I disable the x25519 while I enable ed25519, I can add a new client
immediately without the need to rotate the intro points.

If rotating intro points is not an issue and the only purpose of ed25519
is to have more fine-grained access control, the current spec is fine.
But if rotating intro points is an issue, we should rethink about this.

So, I created a PR for the change in torspec.
https://github.com/torproject/torspec/pull/7
(in the PR, the x25519 auth is called 'basic' and the ed25519 auth is
called 'intro')

We need your opinions about this.
Should we let the service enable one while disable the other?
Or should we require the service to enable both for all clients?

If you want to let the service be able to enable one while disable the
other, do you have any opinion on how to configure the torrc?

Cheers,
haxxpop

This is a discussion log that we had earlier.

[22:39:23] <meejah> v3 "basic" auth is different from v2 "basic" auth,
right? Perhaps a different name-string for the v3 one would be good?
[22:39:44] <asn> meejah: good point
[22:39:57] <asn> perhaps we can name it "pubkey" auth or something more UX-y
[22:40:35] <meejah> asn: sounds good to me (my perspective is to avoid
naming-weirdness for controllers and having to explain to users "well,
this 'basic' is different from this other 'basic' because you said
version=3")
[22:40:43] <asn> right
[22:40:44] <asn> makse sense
[22:40:51] <asn> haxxpop: ^ what do u think
[22:40:51] <asn> ?
[22:45:01] <haxxpop> meejah, asn yes I agreed. maybe we should change it
to something else
[22:46:10] <haxxpop> meejah, asn In fact, the word 'basic' appears only
once in the v3 spec !
[22:48:05] <asn> haxxpop: yeah... perhaps we can rename it to "pubkey"
which describes it pretty well for nerds. or to "standard" which is a
synonym for "basic" and it will confuse everyone.
[22:50:59] <haxxpop> asn, I think both "basic" and "intro" use pubkeys.
[22:51:26] <haxxpop> asn, I think if we call "basic" "pubkey", it may
imply that "intro" doesn't use pubkeys.
[22:51:35] <asn> true
[22:52:20] <asn> i'm still not sure if i like:
[22:52:20] <asn>  +        HiddenServiceAuthorizeClient basic
client-name,client-name,...
[22:52:20] <asn>  +        HiddenServiceAuthorizeClient intro
client-name,client-name,...
[22:52:30] <asn> mainly because it's gonna be quite hard to explain to
people what these two lines mean
[22:52:34] <asn> (to hs operators)
[22:52:37] <asn> like what's the difference
[22:52:42] <asn> and usually they should have both enabled
[22:52:53] <asn> what i imagined initially is that we would keep the
torrc logic the same
[22:53:04] <asn> and maybe expose a torrc option for advanced users to
do HiddenServiceDisableIntroAuth
[22:53:07] <asn> or something
[22:53:11] <asn> anyway i need to think about this!
[22:53:25] <haxxpop> asn, Nice point
[23:08:35] <meejah> asn: haxxpop: "pubkey" sounds good to me. People who
are "just clients" probably don't care what the string is (? maybe? UX
people?) and people running the services probably count as "nerds" :)
[23:08:59] <asn> agreed
[23:09:02] <meejah> (but, I don't personally understand what these
schemes are so maybe I shouldn't be naming them ;)
[23:09:08] <asn> ideally those things should not be exposed to the users
anyway
[23:09:19] <asn> they should be wrapped by the browser or something
[23:11:46] <meejah> asn: in txtorcon at least, they aren't really;
preferred new-API is "async with tor.onion_authentication(onion_host,
some_auth_object)" for py3, or "tor.add_onion_authentication(..)" --
ideally this can be used by "actual application" to transmit the
credentials to users in some way
[23:11:52] <meejah> (e.g. maybe via magic-wormhole)
[23:12:35] <meejah> I assume that *ideally* the clients generate
keypairs, and send pubkeys to the service..?
[23:22:45] <asn> meejah: yes ideally clients generate keypairs
[23:23:00] <asn> meejah: but service-generated keypairs can also be
done, to immitate current symmetric-key design
[23:26:08] <dmr> asn: there's lots of reasons to keep v2 "basic"
separate from v3 "basic" - limited bug reports, presentations, error/log
messages, internet searches, ...
[23:26:34] <dmr> like meejah I also don't know what the schemes are, so
that's the extent of my input :)
[23:26:51] <dmr> glad to hear it sounds like we're all in agreement to
use something other than "basic" for v3
[23:46:12] <meejah> asn: okay, ack. It would be neat to see an
application using magic-wormhole for an "invite a new client" flow;
perhaps I'll try a PoC when v3-auth is available; is it in master already??

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] HS v3 client authorization types
  - From: meejah

Prev by Author: Re: [tor-dev] HS v3 client authorization types
Next by Author: Re: [tor-dev] HS desc replay protection and ed25519 malleability
Previous by thread: [tor-dev] sbws meeting notes 26 April 2018
Next by thread: Re: [tor-dev] HS v3 client authorization types
Index(es):
- Author
- Thread