[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] prop224: Ditching key blinding for shorter onion addresses

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] prop224: Ditching key blinding for shorter onion addresses
From: Nick Mathewson <nickm@xxxxxxxxxxxx>
Date: Fri, 29 Jul 2016 11:37:40 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 29 Jul 2016 11:37:57 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to; bh=pTQjkAt5SMzw5PAzT+QSCKOuA8eos7xn2rt4iEDFu4U=; b=NB+zqNX9QH2fMEJPEF9bNKsRQC/9LJLKkHwbUGWBIpob/mLjstah0hrJcjnQbDcxKH DxuNR6q1fJEDewOqOHAvh1ANiQg2qfWp2x3NPeiHXnV2l9jhF/nksvtglP+jcUXvGZAw AsnsrJsb/C0m5GJTF1aOTIyCrEEjGbz5co3D3XEO43+WvYwcFyXZVvJnTxCi8ZdpIhCo HItanH1YMPt1qwPaxs7v1mE8NxGbczB5OGpWOf2lWgqy2xlUQeRzpRF6jJLsavR813nB 5DhuApD4jLwLzE7Po5p8rjuRdLYhsFo6mYvdEkGK9nuHStl3C9qvbBIcjcDDAxxboscp hN0A==
In-reply-to: <87oa5g5utt.fsf@riseup.net>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <87oa5g5utt.fsf@riseup.net>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

On Fri, Jul 29, 2016 at 11:26 AM, George Kadianakis
<desnacked@xxxxxxxxxx> wrote:
> So basically in this scheme, HSDirs won't be able to verify the signatures of
> received descriptors.
>
> The obvious question here is, is this a problem?

I'm not sure I fully understand, so here's a couple of quick questions
before I look more deeply.  (I'm assuming that descriptors are indexed
by their ephemeral address here.  If that's wrong and they're indexed
by something other than than ephemeral address, my analysis is wrong.)

1) In your scheme, how does descriptor replacement work?  In the
current scheme, if my introduction points change, I can upload a new
descriptor.  In this scheme, it seems that either _anyone_ can upload
a new descriptor with the same ephemeral address (which is insecure),
or descriptors cannot be replaced (which is problematic).

2) Even if descriptors can't be replaced, there's still a problem:
What stops an attacker from racing the hidden service to try to upload
their own competing descriptor with the same ephemeral address?
-- 
Nick
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] prop224: Ditching key blinding for shorter onion addresses
  - From: George Kadianakis

References:
- [tor-dev] prop224: Ditching key blinding for shorter onion addresses
  - From: George Kadianakis

Prev by Author: Re: [tor-dev] [network-team] [doodle poll] Meeting to discuss guard proposal draft status
Next by Author: Re: [tor-dev] [network-team] [doodle poll] Meeting to discuss guard proposal draft status
Previous by thread: [tor-dev] prop224: Ditching key blinding for shorter onion addresses
Next by thread: Re: [tor-dev] prop224: Ditching key blinding for shorter onion addresses
Index(es):
- Author
- Thread