[tor-bugs] #28275 [Core Tor/Tor]: hs-v3: Rotate intro points and close RP circuits when removing client auth service side
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Nov 6 10:45:38 UTC 2018
#28275: hs-v3: Rotate intro points and close RP circuits when removing client auth
service side
------------------------------+------------------------------------
Reporter: dgoulet | Owner: (none)
Type: defect | Status: needs_information
Priority: Very High | Milestone: Tor: 0.3.5.x-final
Component: Core Tor/Tor | Version: Tor: 0.3.5.1-alpha
Severity: Normal | Resolution:
Keywords: security, tor-hs | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
------------------------------+------------------------------------
Comment (by asn):
Replying to [comment:6 dgoulet]:
> I'm fine with not closing all RP circuits as long as we document it
properly and that the solution for "really revoking" a client would be to
restart tor in this case.
>
> As for rotating intro points, old descriptor can still connect if we
don't meaning that all "new" requests like arma mentions will still work.
>
> However, the reachability impact is pretty strong especially if the
service does that every let say 5 minutes... Again, we could simply
document that if you want the "really revoking" access, then restart tor.
Sounds good to me. Perhaps we can even add a log msg warning the user if a
client was revoked?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28275#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list