Andrea Shepard andrea at torproject.org
Sun Jul 20 22:57:08 UTC 2014

On Mon, Jul 21, 2014 at 12:34:50AM +0200, Mike Hearn wrote:
> Hello,
> As we know, hidden services can be useful for all kinds of legitimate
> things (Pond's usage is particularly interesting), however they do also
> sometimes get used by botnets and other problematic things.
> Tor provides exit policies to let exit relay operators restrict traffic
> they consider to be unwanted or abusive. In this way a kind of
> international group consensus emerges about what is and is not acceptable
> usage of Tor. For instance, SMTP out is widely restricted.

This isn't about 'acceptable usage of Tor', this is a necessary compromise
to limit exit operators' exposure to ISP harassment.  No analogous situation
applies for encrypted traffic crossing a middle relay.

> Has there been any discussion of implementing similar controls for hidden
> services, where relays would refuse to act as introduction points for
> hidden services that match certain criteria e.g. have a particular key, or
> whose key appears in a list downloaded occasionally via Tor itself? In this
> way relay operators could avoid their resources being used for establishing
> communication with botnet CnC servers.
> Obviously such a scheme would require a protocol and client upgrade to
> avoid nodes building circuits to relays that then refuse to introduce.
> The downside is additional complexity. The upside is potentially recruiting
> new relay operators.

The ability to do this implies the ability for intro points to learn the
identity public keys of hidden services they are introducing.  Unfortunately,
I believe this sort of enumeration attack is possible with the current HS
protocol, but I think proposal 224 will fix it.

Andrea Shepard
<andrea at torproject.org>
PGP fingerprint (ECC): BDF5 F867 8A52 4E4A BECF  DE79 A4FF BC34 F01D D536
PGP fingerprint (RSA): 3611 95A4 0740 ED1B 7EA5  DF7E 4191 13D9 D0CF BDA5
