[tor-dev] Proposal 284: Hidden Service v3 Control Port

David Goulet dgoulet at ev0ke.net
Tue Nov 7 17:22:33 UTC 2017


On 06 Nov (15:44:26), AntiTree wrote:
> Hey David,
> 
> Are there any ways of revoking a service's key and should it be included as
> a control port function? For example, in the case that the master key is
> kept offline but the host and its descriptor signing key are compromised,
> the box could be run for a period of time(?) until the keys expire and need
> to be re-signed. That window could be forcefully closed remotely with a
> revocation that reports that key as compromised. I don't know how big that
> window is so I don't know how big of a risk it ends up being.

To have a revocation system like that, we need some sort of mechanism that
remembers revoked keys at maybe the directory level or as a completely new
entity that keeps a registry of those.

We do not have a way to do that nor a proposal for it :S...

David

> 
> @
> 
> On Mon, Nov 6, 2017 at 9:59 AM David Goulet <dgoulet at ev0ke.net> wrote:
> 
> > Hi everyone,
> >
> > Attached is the proposal draft for the hidden service v3 control port
> > specification.
> >
> > The idea with this proposal is to _only_ extend the current commands and
> > events to v3. Nothing new is added. We can think of more things to add
> > after but for now, I wanted a baseline to start with that is only
> > extending what exists.
> >
> > Any kind of feedback is welcome! :)
> >
> > Cheers!
> > David
> >
> > --
> > Zu3IyL4LcdnKNkQIZqEqaTNUapUEJFdEcN02dPwo5FQ=
> > _______________________________________________
> > tor-dev mailing list
> > tor-dev at lists.torproject.org
> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
> >



-- 
1ThD0Y7lJWfAN3qxos27iPGUdHQS5sZ4kMwlov3un5k=