After thinking through this, I wonder if the rendezvous data should contain the decrypted cell, rather than the introduction point key and the encrypted cell. That way, if an INTRODUCE event is exposed, only the one rendezvous referred to by the event is vulnerable. (Exposure of the introduction point key means that all introductions from that point are vulnerable until it is rotated; however, there are other layers of encryption protecting the INTRODUCE2 cells [but we shouldn’t rely on these, because we want defence-in-depth].)

This is also slightly more efficient, as we are transmitting less data in the INTRODUCE event.

The drawback of this change is that decryption places slightly more load on the tor instance that receives the INTRODUCE2 cell.

Tim

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP 968F094B

teor at blah dot im
OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev