[tor-dev] Temporary hidden services
- To: tor-dev@xxxxxxxxxxxxxxxxxxxx
- Subject: [tor-dev] Temporary hidden services
- From: Michael Rogers <michael@xxxxxxxxxxxxxxxx>
- Date: Thu, 27 Sep 2018 13:43:54 +0100
- Delivered-to: archiver@xxxxxxxx
- Delivery-date: Thu, 27 Sep 2018 09:26:04 -0400
- List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
- List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
- List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>

Hi all,

The Briar team is working on a way for users to add each other as
contacts by exchanging links without having to meet in person.

We don't want to include the address of the user's long-term Tor hidden
service in the link, as we assume the link may be observed by an
adversary, who would then be able to use the availability of the hidden
service to tell whether the user was online at any future time.

We're considering two solutions to this issue. The first is to use a
temporary hidden service that's discarded after, say, 24 hours. The
address of the temporary hidden service is included in the link. This
limits the window during which the user's activity is exposed to an
adversary who observes the link, but it also requires the contact to use
the link before it expires.

The second solution is to include an ECDH public key in the link,
exchange links with the contact, and derive a hidden service key pair
from the shared secret. The key pair is known to both the user and the
contact. One of them publishes the hidden service, the other connects to
it. They exchange long-term hidden service addresses via the temporary
hidden service, which is then discarded.

The advantage of the second solution is that the user's link is static -
it doesn't expire and can be shared with any number of contacts. A
different shared secret, and thus a different temporary hidden service,
is used for adding each contact.

But using a hidden service in such a way that the client connecting to
the service knows the service's private key is clearly a departure from
the normal way of doing things. So before pursuing this idea I wanted to
check whether it's safe, in the sense that the hidden service still
conceals its owner's identity from the client.

Attacks against the availability of the service (such as uploading a
different descriptor) are pointless in this scenario because the client
is the only one who would connect to the service anyway. So I'm just
interested in attacks against anonymity.

Can anyone shed any light on this question? Or is this way of using
hidden services too disgusting to even discuss? :-)

Thanks,
Michael
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
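
The second solution described in the message above, as an added example that is not part of the original post or of Briar's code: each side combines its own ECDH private key with the public key from the other's link and arrives at the same seed for the temporary service's key pair, plus a rule for who publishes and who connects. X25519, HKDF-SHA256, the `temp-hs-seed` label, the "smaller public key publishes" rule and the sample keys are assumptions made for illustration; the post specifies none of them.

```python
import hashlib
import hmac

P = 2**255 - 19                      # Curve25519 field prime
A24 = 121665                         # curve constant from RFC 7748
BASE = (9).to_bytes(32, "little")    # X25519 base point

def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 X25519 Montgomery ladder (teaching version, not constant-time)."""
    k_int = (int.from_bytes(k, "little") & ((1 << 254) - 8)) | (1 << 254)
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (k_int >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        da, cb = (x3 - z3) * a % P, (x3 + z3) * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * (da - cb) ** 2 % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def derive_temp_service(my_priv: bytes, their_link_key: bytes):
    """Return (seed, role) for the temporary service shared with one contact."""
    my_pub = x25519(my_priv, BASE)
    shared = x25519(my_priv, their_link_key)
    if shared == bytes(32):          # low-order key in the link: reject it
        raise ValueError("invalid public key in link")
    first, second = sorted((my_pub, their_link_key))
    # HKDF-SHA256 (RFC 5869), one output block; both link keys form the salt,
    # so each pair of contacts gets its own seed (assumed construction).
    prk = hmac.new(first + second, shared, hashlib.sha256).digest()
    seed = hmac.new(prk, b"temp-hs-seed\x01", hashlib.sha256).digest()
    return seed, ("publish" if my_pub == first else "connect")

# Constructed sample private keys (not real key material).
ALICE_PRIV = hashlib.sha256(b"constructed key: alice").digest()
BOB_PRIV = hashlib.sha256(b"constructed key: bob").digest()
CAROL_PRIV = hashlib.sha256(b"constructed key: carol").digest()
```

Because the seed is a function of both link keys, the same static link yields a different temporary service for every contact, and both parties hold the service's private key, which is the property the message asks about.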