[tor-dev] Brainstorming ideas for controller features for improved testing; want feedback

Jeff Burdges burdges at gmail.com
Fri Mar 20 17:11:03 UTC 2015 

On 20 Mar 2015, at 12:33, Jeff Burdges <burdges at gmail.com> wrote:

> I could imagine an “onion token” variant of ephemeral hidden services in which the person who initiates the connection does not know what they’re connecting to, like sending a message to a mailbox. Example :
> 
> Alice wants Bob to send her a message asynchronously by anonymously dropping it into a numbered mailbox system, but Alice only wants to check one mailbox for all her contacts, so she does not want Bob to be able to reveal her mailbox. 
> 
> Rough outline : 
> - Alice gives bob a “token” that contains a bunch of pre-encrypted tor extends, data, etc. frames and some additional data such as symmetric keys.  Alice goes offline. 

Actually Alice building this token would presumably involve the mailbox system too since it’s operating as a hidden service itself. 

> - Bob sends Alice’s mailbox a message by building a circuit to a specified machine, encrypting each of the frames supplied by Alice for all of his circuit except the endpoint because Alice already did that encryption, and sending them.  
> - These frames continue building a circuit from that endpoint to wherever Alice wants it to go. 
> - Bob encrypts his data frames using first the additional data supplied by Alice so that they can traverse this longer circuit that he only understands, and then encrypts those for the portion of the circuit he understands. 
> - Alice logs back in, contacts the mailbox hidden service, and retrieves her messages, including Bob’s message. 
> 
> Optional : 
> - Amongst the frames Bob needs to use to set up the circuit might be one that causes re-incryption so that even if an adversary hacked both Bob and the mailbox system they cannot search the mailbox system for Bob’s message. 
> 
> Of course “onion tokens” would not live forever since Alice’s token fails to describe a valid circuit if any server she selected goes down, but maybe it’s provide a nice short-term asynchronous delivery options for IM systems like Ricochet. 
> 	https://github.com/ricochet-im/ricochet
> 
> Best,
> Jeff

More information about the tor-dev mailing list