[tor-bugs] #18759 [Tor]: Extend onion address to include authentication data

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Apr 7 21:06:26 UTC 2016


#18759: Extend onion address to include authentication data
-----------------------------+---------------------------------------------
     Reporter:  twim         |      Owner:
         Type:  enhancement  |     Status:  new
     Priority:  Medium       |  Milestone:
    Component:  Tor          |    Version:
     Severity:  Normal       |   Keywords:  authenticated, hs, rendclient,
                             |              address
Actual Points:               |  Parent ID:
       Points:               |   Reviewer:
      Sponsor:               |
-----------------------------+---------------------------------------------
 At the moment using authenticated onion services is really painful for a
 client. One needs to find `torrc` somewhere, add a line to it and restart
 tor. These requirements are making them effectively usable.

 I got an idea to append authentication data directly to hostname. In order
 to avoid mixing with upcoming prop224 service ids there should be a
 separator. According to RFC 952 it is possible to use hyphen (`-`) in a
 hostname as this separator. So we have the following scheme:

 `s2mdezeof64lrcft.onion` - public onion
 `nf2kpynuymdd63wms6nkq5if4m-s2mdezeof64lrcft.onion` - authenticated onion
 As it is base32 there are only two bits left (instead of 4 with base64)
 so we can encode two more auth types.

 I've implemented this idea for the client code (you have to convert
 descriptor cookie from base64 yourself for now). Please have a look at the
 patch attached.

 Noticeable drawback:
   * Due to how client cache works for now, once intropoints are
     decrypted/not decrypted there will be cache entry that blocks auth data
     change. This requires client cache rewrite to decrypt intropoints
     at each request (make it stateless).

 It would be nice to hear any thoughts and comments on this.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18759>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
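
The hostname scheme proposed in the ticket above, as an added Python example that is not the attached patch and not Tor's own code: it splits an onion hostname on the last hyphen and decodes the 26-character auth part. The bit layout (a 16-byte descriptor cookie followed by the two spare bits as an auth-type field, big-endian) and the names `parse_onion` and `build_onion` are assumptions, since the ticket does not specify them.

```python
# Added example: parser for the "<auth>-<service id>.onion" scheme in the ticket.
# ASSUMPTION: 26 base32 chars = 130 bits = 16-byte cookie, then 2 spare bits.
B32 = "abcdefghijklmnopqrstuvwxyz234567"
COOKIE_CHARS, SERVICE_CHARS = 26, 16

def _b32_to_int(label):
    """Decode a lowercase base32 string into one big-endian integer."""
    value = 0
    for ch in label:
        idx = B32.find(ch)
        if idx < 0:
            raise ValueError(f"non-base32 character {ch!r}")
        value = (value << 5) | idx
    return value

def parse_onion(hostname):
    """Return (service_id, cookie or None, auth_bits or None)."""
    host = hostname.lower().rstrip(".")
    if not host.endswith(".onion"):
        raise ValueError("not a .onion hostname")
    label = host[:-len(".onion")].rsplit(".", 1)[-1]  # ignore subdomains
    auth, sep, service = label.rpartition("-")
    if len(service) != SERVICE_CHARS:
        raise ValueError("service id must be 16 base32 chars")
    _b32_to_int(service)  # raises if the service id is not base32
    if not sep:
        return service, None, None  # plain public onion, no auth data
    if len(auth) != COOKIE_CHARS:
        raise ValueError("auth part must be 26 base32 chars")
    bits = _b32_to_int(auth)
    # Top 128 bits are the cookie, low 2 bits the auth type (assumed layout).
    return service, (bits >> 2).to_bytes(16, "big"), bits & 0b11

def build_onion(service, cookie, auth_bits):
    """Inverse of parse_onion for an authenticated hostname."""
    if len(cookie) != 16 or not 0 <= auth_bits <= 3:
        raise ValueError("need 16-byte cookie and 2-bit auth type")
    bits = (int.from_bytes(cookie, "big") << 2) | auth_bits
    auth = "".join(B32[(bits >> s) & 31] for s in range(125, -1, -5))
    return f"{auth}-{service}.onion"
```
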

