[tor-bugs] #17945 [Core Tor/Tor]: Stop single hop client connections to Single Onion Services (was: Stop single hop client connecting to (Rendezvous) Single Onion Services)

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Jul 2 05:17:42 UTC 2018


#17945: Stop single hop client connections to Single Onion Services
-------------------------------------------------+-------------------------
 Reporter:  teor                                 |          Owner:  dgoulet
     Type:  enhancement                          |         Status:  accepted
 Priority:  Medium                               |      Milestone:  Tor: unspecified
Component:  Core Tor/Tor                         |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tor2web, tor-hs, 029-proposed,       |  Actual Points:  0.4
  029-teor-no, needs-design,                     |
  needs-proposal-maybe, single-onion,            |
  review-group-33, 034-triage-20180328,          |
  034-removed-20180328                           |
Parent ID:  #24962                               |         Points:  5
 Reviewer:  asn, teor                            |        Sponsor:
-------------------------------------------------+-------------------------
Description changed by teor:

Old description:

> Tor2Web clients make a one-hop connection to the rendezvous point.
> Rendezvous Single Onion Services also make a one-hop connection to the
> rendezvous point. (Single Onion Services expect a client to make an
> extend request to the Single Onion Service at the end of a 3-hop path.)
>
> This uses Tor as a one-hop proxy (in this case, to a single onion
> service), which we try to avoid, because it enables certain attacks.
>
> For Rendezvous Single Onion Services, I don't know how to prevent this
> happening. (Should the rendezvous point intervene? Should we add
> something to the RSOS descriptor?)
>
> For Single Onion Services, we can modify the Tor2Web client code so it
> doesn't make the SOS extend request, but falls back to rendezvous mode.

New description:

 Tor2Web clients make a one-hop connection to HSDirs, intro points, and
 rend points. Single Onion Services also make a one-hop connection to the
 rendezvous point.

 This uses Tor as a one-hop proxy (in this case, to a single onion
 service), which we try to avoid, because it enables certain attacks. We
 also try to avoid single hop connections in the onion service protocol,
 because they give IP addresses to middle relays.

 See the child tickets for details.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17945#comment:60>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

