On Tue, 03 Jan 2012 19:52:00 +0000, Julian Yon <julian@xxxxxxxxxx> said:
jry> Eventually Alice takes a vacation and Mallory is
jry> successful at keeping the service offline for $expiry_time. At
jry> this point the nym can be hijacked as no secret is needed to
jry> claim it.
Two things here.
Firstly, the advertisement of the nym with the introduction hosts
would be signed with the hidden service's key, the pair
(Hash("somenym"), Srv_PubKey) would be kept cached around the network
allowing it to be reclaimed should the hidden service move
around. Similarly, to flesh things out, a nym could be released or
transferred with a similarly signed message.
Secondly, on the expiry, that idea was copied as I understood it from
the original proposal, designed to mitigate nym squatting, and
allowing nyms to be eventually recycled. I'm not necessarily convinced
by it and haven't thought about this aspect very closely. A malicious
nym squatter could trivially maintain lots of mappings directly
anyways. And likewise a clever DOS designed to cause the registration
to expire would make nym hijacking possible, and this is true, I
think, wherever there is an expiry mechanism.
Cheers,
-w
--
William Waites <wwaites@xxxxxxxxxxxxxxx>
Visiting Researcher, Laboratory for Foundations of Computer Science
School of Informatics, University of Edinburgh
Attachment:
pgplTXwVNuWWp.pgp
Description: PGP signature
_______________________________________________ tor-dev mailing list tor-dev@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev