[tor-bugs] #15846 [Onionoo]: Sign responses
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Apr 28 14:19:07 UTC 2015
#15846: Sign responses
-------------------------+---------------------
Reporter: karsten | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Onionoo | Version:
Keywords: | Actual Points:
Parent ID: | Points:
-------------------------+---------------------
Nusenu [https://lists.torproject.org/pipermail/tor-
dev/2015-April/008726.html writes on tor-dev@]: "I might want to prove to
third parties that I'm indeed processing/providing authentic historic
onionoo documents from onionoo.tpo. What do you think of signing them?"
Let's consider signing responses. What would we gain, and how would we do
it?
Pros:
- We already provide Onionoo via https. I guess including a signature in
the response would enable people to archive that signature and verify it
later, which is not possible with https. That's what Nusenu has in mind,
I think.
Cons:
- Signing responses causes some computation overhead, and it makes
responses larger.
- Where in the JSON document would we add the signature? Are there
standards for this, and are there tools supporting them that can be found
in Debian stable? This is a con, because it's probably non-trivial to do.
Similar to #15845, I'm leading towards no, but maybe I'm overlooking
something.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15846>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list