[tor-dev] How to query HS hostname from control port

Jesse V kernelcorn at riseup.net
Mon Sep 5 13:01:01 UTC 2016


On 09/05/2016 12:43 AM, meejah wrote:
> Could you use ADD_ONION instead? Why are you using the on-disk API if
> you don't want to give your thing permission to read those directories?

I'll consider it, but I want the onion service to be relatively
permanent. It would be best if the hostname didn't change every time tor
restarted.

> I also don't see why you'd give something permission to use the
> control-port, but *not* permission to read hostname/private_key
> files...?

I'd just rather not risk unnecessary exposure of private keys. The
software doesn't need the key, so I'm risking compromise just to do
private -> public -> hostname; I'd rather query the hostname directly.
I'm using cookie authentication and both tor and onions-server have a
copy of the cookie file. This way I can set up IPC between them in a
more secure manner and they can each run as a separate user.

> (p.s. I can't reach http://onions55e7yam27n.onion/)

Nothing is online at the moment. I'll make a separate post once
everything is ready.

-- 
Jesse V
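
Added example, not part of the original message or of any project named in it: the control-port side of the ADD_ONION route suggested in the quoted text, using the cookie authentication described in the reply. It builds the commands and parses tor's reply so the client learns the hostname without ever receiving the key (Flags=DiscardPK); the function names and sample replies are constructed for illustration, and a service created with NEW:BEST gets a fresh key each time it is created.

```python
# Added example; helper names and sample replies are constructed, not from the thread.

def authenticate_command(cookie: bytes) -> str:
    """AUTHENTICATE line for cookie auth: the 32-byte cookie, hex-encoded."""
    if len(cookie) != 32:
        raise ValueError("control_auth_cookie must be exactly 32 bytes")
    return "AUTHENTICATE " + cookie.hex() + "\r\n"


def add_onion_command(virt_port: int, target: str) -> str:
    """Have tor generate the key and not send it back (Flags=DiscardPK)."""
    if not 0 < virt_port < 65536:
        raise ValueError("virtual port out of range")
    return f"ADD_ONION NEW:BEST Flags=DiscardPK Port={virt_port},{target}\r\n"


def parse_reply(raw: str) -> dict:
    """Parse a key=value reply: '250-' on middle lines, '250 ' on the last."""
    fields = {}
    lines = [line for line in raw.split("\r\n") if line]
    if not lines:
        raise ValueError("empty reply")
    for i, line in enumerate(lines):
        code, sep, text = line[:3], line[3:4], line[4:]
        if code != "250":
            raise RuntimeError(f"tor refused the command: {line}")
        is_last = i == len(lines) - 1
        if sep != (" " if is_last else "-"):
            raise ValueError(f"malformed reply line: {line!r}")
        if "=" in text:
            key, value = text.split("=", 1)
            fields[key] = value
    return fields


def hostname_from_add_onion(raw: str) -> str:
    """Return '<ServiceID>.onion'; fail if tor handed back key material."""
    fields = parse_reply(raw)
    if "PrivateKey" in fields:
        raise RuntimeError("reply contains PrivateKey; DiscardPK was not honoured")
    return fields["ServiceID"] + ".onion"


# Constructed sample replies in the control protocol's wire format.
SAMPLE_OK = "250-ServiceID=abcdefghij234567\r\n250 OK\r\n"
SAMPLE_WITH_KEY = ("250-ServiceID=abcdefghij234567\r\n"
                   "250-PrivateKey=RSA1024:PLACEHOLDER\r\n250 OK\r\n")
SAMPLE_AUTH_FAIL = "515 Authentication failed\r\n"
```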
