[tor-bugs] #28275 [Core Tor/Tor]: hs-v3: Rotate intro points and close RP circuits when removing client auth service side

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Nov 3 12:30:19 UTC 2018


#28275: hs-v3: Rotate intro points and close RP circuits when removing client auth
service side
------------------------------+------------------------------------
 Reporter:  dgoulet           |          Owner:  (none)
     Type:  defect            |         Status:  new
 Priority:  Very High         |      Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor      |        Version:  Tor: 0.3.5.1-alpha
 Severity:  Normal            |     Resolution:
 Keywords:  security, tor-hs  |  Actual Points:
Parent ID:                    |         Points:
 Reviewer:                    |        Sponsor:
------------------------------+------------------------------------

Comment (by arma):

 For the "cutting all RP circuits" side, compare to how we handle changes
 in ExitPolicy, or how we handle changes to SocksPolicy: the config change
 only impacts how we respond to new requests. That is, we don't cut
 existing exit connections when the exit policy changes, or existing socks
 connections when the socks policy changes. As an even more extreme
 example, I think we leave OR and exit connections as-is when ORPort gets
 disabled too. All of these config options focus on how we will treat new
 requests.

 As for the "rotating intro points" side, I haven't kept up on the auth
 design here, but I just looked through rend-spec-v3.txt. It looks like
 there are two components to the client auth -- one is whether the client
 can decrypt the descriptor (to learn the intro points), and the other is
 whether the client can prove that it's authorized in the INTRODUCE1 cell?
 I'm tempted to try to solve this one by defining "revoke" to focus on that
 second component. I also wish we had actual use cases for this client auth
 design, so we wouldn't be left trying to debate over what future
 hypothetical users would want the system to do.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28275#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

