September 2019 - tor-onions - lists.torproject.org

HSv3 load balancing: not yet?
by rossulbricht＠cock.li 25 Sep '19

25 Sep '19

I read the tor hsv3 specs and saw some parts considering load balancing. === 1.5. In more detail: Scaling to multiple hosts This design is compatible with our current approaches for scaling hidden services. Specifically, hidden service operators can use onionbalance to achieve high availability between multiple nodes on the HSDir layer. Furthermore, operators can use proposal 255 to load balance their hidden services on the introduction layer. See [SCALING-REFS] for further discussions on this topic and alternative designs. === The reason for a maximum value of 20 is to give enough scalability to tools like OnionBalance to be able to load balance up to 120 servers (20 x 6 HSDirs) but also in order for the descriptor size to not overwhelmed hidden service directories with user defined values that could be gigantic. === So... can we benefit from this? Onionbalance seems to have been abandoned and prop255 seems to have stalled. Is there any effective way to properly load balance hsv3?

2 1

(no subject)
by Amadou Sene 06 Sep '19

06 Sep '19

Mot de passe tor

1 0

(No Subject)
by MikeQ 06 Sep '19

06 Sep '19

Sent from ProtonMail mobile

2 1

Doubts about onion v3 services
by Elige TuMooc 06 Sep '19

06 Sep '19

As far as I know (if there is any error, please tell me), the onion v3 services allow the master keys -public and secret (or private)- ed25519, generated in the directory stipulated in "HiddenServiceDir" to be stored offline (on a pendrive, for example), because the secret key is used "only" to generate derived keys, which are what the service actually uses. As far as I can read in the corresponding protocol, the derivations of the master keys (which can be stored offline) are: "blinded signing keys and descriptor signing keys (and their credentials), and their corresponding descriptor encryption keys" ( https://gitweb.torproject.org/torspec.git/tree/rend-spec-v3.txt#n529) Assuming the above is correct,I have some doubts: 1. The keys and other elements derived from the public and private master keys (like “blinded signing keys”) are generated by the operator, according to the protocol. Will Tor incorporate any software/tools that make this procedure easier for the user? 2. If the operator does not generate the derived elements, and only modifies the torrc file to add "HiddenServiceDir" and "HiddenServicePort", will the onion service work, or will the lack of the derived elements not work? 3. As far as I understand, currently the option to save offline the master keys is not available. Does this mean that derived elements, such as "blinded signing keys" are not used yet? To what extent is the v3 protocol implemented? 4. V3 encrypts the onion service descriptor sent to the "HSDir" node to prevent these nodes from collecting onion addresses. But is this currently happening, even if the operator does not generate the derived keys using the master key pair? I apologize for any write errors (English is not my mother tongue).

2 1