On 18 November 2014 21:53, grarpamp grarpamp@gmail.com wrote:
On Tue, Nov 18, 2014 at 12:55 PM, George Kadianakis desnacked@riseup.net wrote:
plans for any Tor modifications we want to do (for example, trusting self-signed certs signed by the HS identity key seem like a generally good idea).
If the HS pubkey and the onion CN were both in the cert, and signed over by that same key all corresponding to the url the TBB is currently attempting to validate, that would seem fine to me. No interaction with the controller (which may not even be accessible [1]) needed to get the HS descriptor (pubkey). Security is limited to 80-bits, or the future wider proposal. It's also a TBB specific extension. All other browsers pointed at socks5 somewhere will still rightly fail, unless adopted upstream (which MSIE won't do) or via standards. Note that this is not 'turning off the warnings for all .onion', it's recognizing that attestation of the HS key is sufficient to show ownership of that service. Whereas under various attacks a traditional selfsigned cert is not.
If I've put a .onion url into the address bar in Tor Browser, and it connects me - absent a bug in tor, 80-bit collision, or 1024-bit factoring I know I'm talking to an endpoint on the other side that is authoritative for the public key corresponding to the onion address. At that point, they can tell me whatever they want, and I know I'm still talking to the correct endpoint - like you said, the .onion resolving and succeeding in connecting attested to the service.
So I'm not sure I understand the attacks you're talking about. It's true that if, on the relay hosting the HS, you forwarded it to another machine and that connection was attacked (between your webserver and your HS relay) - the connection would be insecure. But I consider that to be outside Tor. You had a responsibility to make your application secure and you didn't, same as if you had SQL injection.
You mention "All other browsers pointed at socks5 somewhere will still rightly fail" - that's still the case. I'm not talking about putting this .onion SSL bypass stuff into little-t tor, I'm talking about making it a Tor Browser Extension - if that crossed our wires.
-tom