[tor-dev] A modest proposal for a petname system in ideas/xxx-onion-nyms.txt

[Julian Yon]

On 02/01/12 10:59, William Waites wrote:
> What if instead, we used a similar mechanism as we already have for
> the hidden services and do say hash("antani").nym and push that out to
> the introduction hosts. The introduction hosts would check if they can
> resolve it, if they can, the request is rejected, if they cannot then
> they keep the mapping (careful implementation to avoid race conditions
> here). Have an cache+expiry mechanism from there so the mapping isn't
> trivially lost when the hidden host goes offline.

If I'm understanding you correctly...

Let's say Mallory discovers a scripting error and exploits it to
fork-bomb Alice's service. It has insufficient resources to keep the
hidden service online but still responds to pings and even manages to
serve an occasional static page on a non-hidden address, fooling Alice's
home-grown monitoring solution. Alice of course notices the problem when
she manually checks the service, but she attributes the failures to
something else, leaving Mallory free to keep trying. Eventually Alice
takes a vacation and Mallory is successful at keeping the service
offline for $expiry_time. At this point the nym can be hijacked as no
secret is needed to claim it.

Am I missing something?


Julian

-- 
3072D/F3A66B3A Julian Yon (2012 General Use) <pgp.2012 at jry.me>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 294 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20120103/c82ef289/attachment.pgp>