[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Hidden Service authorization UI



On 09/11/14 12:50, George Kadianakis wrote:
> Hidden Service authorization is a pretty obscure feature of HSes, that
> can be quite useful for small-to-medium HSes.
> 
> Basically, it allows client access control during the introduction
> step. If the client doesn't prove itself, the Hidden Service will not
> poroceed to the rendezvous step.
> 
> This allows HS operators to block access in a lower level than the
> application-layer. It also prevents guard discovery attacks since the
> HS will not show up in the rendezvous. It's also a way for current
> HSes to hide their address and list of IPs from the HSDirs (we get
> this for free in rend-spec-ng.txt).
> 
> In the current HS implementation there are two ways to do authorization:
> https://gitweb.torproject.org/torspec.git/blob/HEAD:/rend-spec.txt#l768
> both have different threat models.
> 

https://gitweb.torproject.org/torspec.git/blob/HEAD:/rend-spec.txt#l936

 936      "client-key" NL a public key in PEM format

A private key is what's actually generated. Not sure if it's a bug in the spec, or a bug in tor. From a quick read of the rest of it, I'm guessing the spec?

X

-- 
GPG: 4096R/1318EFAC5FBBDBCE
git://github.com/infinity0/pubkeys.git
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev