[tor-dev] Hidden Service authorization UI
infinity0 at torproject.org
Fri Nov 21 12:25:17 UTC 2014
On 09/11/14 12:50, George Kadianakis wrote:
> Hidden Service authorization is a pretty obscure feature of HSes, that
> can be quite useful for small-to-medium HSes.
> Basically, it allows client access control during the introduction
> step. If the client doesn't prove itself, the Hidden Service will not
> poroceed to the rendezvous step.
> This allows HS operators to block access in a lower level than the
> application-layer. It also prevents guard discovery attacks since the
> HS will not show up in the rendezvous. It's also a way for current
> HSes to hide their address and list of IPs from the HSDirs (we get
> this for free in rend-spec-ng.txt).
> In the current HS implementation there are two ways to do authorization:
> both have different threat models.
936 "client-key" NL a public key in PEM format
A private key is what's actually generated. Not sure if it's a bug in the spec, or a bug in tor. From a quick read of the rest of it, I'm guessing the spec?
More information about the tor-dev