[tor-dev] Hidden service policies

Mike Hearn mike at plan99.net
Mon Jul 21 09:42:29 UTC 2014

> This isn't about 'acceptable usage of Tor', this is necessary compromise
> to limit exit operators' exposure to ISP harrassment.

Even if we accept your premise that no exit operator cares about internet
abuse, it's still the same thing. ISP's define what is acceptable usage of
their internet connections and by implication, what is acceptable usage of
the Tor exit. Tor could ignore what ISPs want (which is usually quite
reasonable), but then "no Tor" clauses in ISP acceptable usage policies
would just become even more prevalent.

> The ability to do this implies the ability for intro points to learn the
> identity public keys of hidden services they are introducing.
>  Unfortunately,
> I believe this sort of enumeration attack is possible with the current HS
> protocol, but I think proposal 224 will fix it.

It is currently possible and I am aware of proposal 224, which is why I'm
bringing this up now. I don't think this is something that should be fixed
without a *lot* of thought given to the consequences. I am by the way quite
aware of all the counter arguments already, but someone has to play the
devil's advocate here.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20140721/eaf7cf21/attachment.html>

More information about the tor-dev mailing list