[tor-bugs] #28275 [Core Tor/Tor]: hs-v3: Rotate intro points and close RP circuits when removing client auth service side

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Nov 5 12:51:12 UTC 2018


#28275: hs-v3: Rotate intro points and close RP circuits when removing client auth
service side
------------------------------+------------------------------------
 Reporter:  dgoulet           |          Owner:  (none)
     Type:  defect            |         Status:  new
 Priority:  Very High         |      Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor      |        Version:  Tor: 0.3.5.1-alpha
 Severity:  Normal            |     Resolution:
 Keywords:  security, tor-hs  |  Actual Points:
Parent ID:                    |         Points:
 Reviewer:                    |        Sponsor:
------------------------------+------------------------------------

Comment (by haxxpop):

 Replying to [comment:4 arma]:
 > one is whether the client can decrypt the descriptor (to learn the intro
 > points), and the other is whether the client can prove that it's
 > authorized in the INTRODUCE1 cell? I'm tempted to try to solve this one by
 > defining "revoke" to focus on that second component. I also wish we had
 > actual use cases for this client auth design, so we wouldn't be left
 > trying to debate over what future hypothetical users would want the system
 > to do.


 We previously had a discussion about that second component in the
 INTRODUCE1 cell. At that time, we decided to not implement it (and
 probably will never) because the only benefit of INTRODUCE1 authorization
 is to let the service know which client it is connected to and then the
 service can serve different services for different clients.

 But that can be implemented easily in the application layer and the
 feature is not related to anonymity (not related to Tor). So we thought we
 don't need to implement it at all.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28275#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

