[tor-bugs] #15991 [Tor]: Option to skip authorization verification in INTRODUCE2 cell
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon May 25 11:24:37 UTC 2015
#15991: Option to skip authorization verification in INTRODUCE2 cell
-----------------------------+-----------------
Reporter: donncha | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Tor | Version:
Resolution: | Keywords: hs
Actual Points: | Parent ID:
Points: |
-----------------------------+-----------------
Comment (by donncha):
Thanks for the feedback. I'm not really aware of the risks arising from
publicly publishing a HS instance's IPs. It could allow an attacker
running HSDirs to determine that the HS is using (somethingl ike)
OnionBalance, if they see that the same IP is incorporated in multiple
descriptors.
Is it a big problem is an attacker can discover that a HS is using
OnionBalance? Looking at the data in #15513, I think it might be difficult
to select IPs from multiple instances in a way that wouldn't be
distinguishable from the behaviour of a standard HS.
At the moment, I'm planning to implement #3521, it should allow the
management service to more reliably fetch up-to-date descriptors from the
HS instances when the IPs change. It should also avoid the need for this
ticket.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15991#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list