[tor-bugs] #17945 [Tor]: Stop Tor2Web connecting to (Rendezvous) Single Onion Services
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Dec 29 00:12:37 UTC 2015
#17945: Stop Tor2Web connecting to (Rendezvous) Single Onion Services
-----------------------------+--------------------------------
Reporter: teor | Owner:
Type: enhancement | Status: new
Priority: Medium | Milestone: Tor: 0.2.8.x-final
Component: Tor | Version:
Severity: Normal | Keywords: rsos, sos
Actual Points: | Parent ID: #17178
Points: | Sponsor:
-----------------------------+--------------------------------
Tor2Web clients make a one-hop connection to the rendezvous point.
Rendezvous Single Onion Services also make a one-hop connection to the
rendezvous point. (Single Onion Services expect a client to make an extend
request to the Single Onion Service at the end of a 3-hop path.)
This uses Tor as a one-hop proxy (in this case, to a single onion
service), which we try to avoid, because it enables certain attacks.
For Rendezvous Single Onion Services, I don't know how to prevent this
happening. (Should the rendezvous point intervene? Should we add something
to the RSOS descriptor?)
For Single Onion Services, we can modify the Tor2Web client code so it
doesn't make the SOS extend request, but falls back to rendezvous mode.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17945>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list