[tor-bugs] #16062 [Tor]: Pseudonymous bidirectional user/caller authentication (true P2P)

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun May 17 17:20:21 UTC 2015 

#16062: Pseudonymous bidirectional user/caller authentication (true P2P)
-------------------------+---------------------
 Reporter:  vynX         |          Owner:
     Type:  enhancement  |         Status:  new
 Priority:  normal       |      Milestone:
Component:  Tor          |        Version:
 Keywords:               |  Actual Points:
Parent ID:               |         Points:
-------------------------+---------------------
 One big deal that differentiates Tor from all of the P2P networks is that
 Tor cannot easily be used for true peer-to-peer applications. I assume the
 reason is there is no way to authenticate an incoming circuit other than
 by doing some XMPP-like dialback mumbo jumbo. This to me sounds like an
 unnecessary deficit.

 It should be an option for Tor users or applications to store the key used
 in end-to-end communications with a hidden service such that they can
 pseudonymously reappear as the same entity when reconnecting at a later
 time.

 They could also have the ability to use the identity of their own hidden
 service in outgoing calls, making it thus trivial for any receiver to call
 back.

 Use cases are not only all sorts of P2P applications such as Tor-based
 instant messengers, chat and social networking systems, but even the mere
 manageability of users on forum-like hidden websites. Instead of forcing
 visitors to go through the terrible procedures of name registration,
 captcha compliance and password storage, they could simply be identified
 by their pseudonymous identity and possibly gain privileges on the site by
 time spent or other interaction criteria. In other words, pseudonymous
 authentication would play out systemic strengths of Tor's public-key-based
 routing in a way that makes websites more pleasurable to use than with the
 regular Internet.

 From my humble understanding of the Tor architecture, only two changes are
 needed:
 – An API for apps and users to classify the interaction with certain
 onions as pseudonymous rather than anonymous.
 – An API for hidden services to access the pseudonymous authentication
 data when provided.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16062>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list