[tor-dev] Hidden Service authorization UI

Ximin Luo infinity0 at torproject.org
Fri Nov 21 12:25:17 UTC 2014

On 09/11/14 12:50, George Kadianakis wrote:
> Hidden Service authorization is a pretty obscure feature of HSes, that
> can be quite useful for small-to-medium HSes.
> Basically, it allows client access control during the introduction
> step. If the client doesn't prove itself, the Hidden Service will not
> proceed to the rendezvous step.
> This allows HS operators to block access in a lower level than the
> application-layer. It also prevents guard discovery attacks since the
> HS will not show up in the rendezvous. It's also a way for current
> HSes to hide their address and list of IPs from the HSDirs (we get
> this for free in rend-spec-ng.txt).
> In the current HS implementation there are two ways to do authorization:
> https://gitweb.torproject.org/torspec.git/blob/HEAD:/rend-spec.txt#l768
> both have different threat models.


 936      "client-key" NL a public key in PEM format

A private key is what's actually generated. Not sure if it's a bug in the spec, or a bug in tor. From a quick read of the rest of it, I'm guessing the spec?


