[tor-dev] HS v3 client authorization types

Suphanat Chunhapanya haxx.pop at gmail.com
Wed May 16 18:08:32 UTC 2018 


On 05/14/2018 05:26 PM, George Kadianakis wrote:
> Suphanat Chunhapanya <haxx.pop at gmail.com> writes:
> 
>> On 05/09/2018 03:50 PM, George Kadianakis wrote:
>>> I thought about this some more and discussed it with haxxpop on IRC. In
>>> the end, I think that perhaps starting with just desc auth and then in
>>> the future implementing intro auth is also an acceptable plan forward.
>>
>> I think we have two more things to think about.
>>
>> 1. I forgot to think about the format of client_authorized_pubkeys file.
>> In the client_authorized_pubkeys file, each line should indicate the
>> auth type for which the pubkey is used instead of just specifying the
>> client name and the pubkey. So the line should be as follows.
>>
>> <client-name> <auth-type> <pubkey>
>>
>> and, if auth-type is "standard", it will be equivalent to two lines of
>> "desc" and "intro".
>>
> 
> Sounds plausible.
> 
> BTW, what's the role of `client_authorized_pubkeys` in your opinion? Is
> it only used by little-t-tor internally to see which clients are
> recognized or not? IIUC, the onion service operator should not really
> need to use it since it contains pubkeys.

The role of `client_authorized_pubkeys` is to keep all pubkeys of
clients so that we can use them to encrypt the descriptor when the
client auth is enabled.

To specify which clients are recognized, the operator must put the
client names in `HiddenServAuthorizeClient` directive. After that, the
service will use the names in `HiddenServAuthorizeclient` to search for
pubkeys in `client_authorized_pubkeys`. So, if there is a pubkey in
`client_authorized_pubkeys` whose client name is not in
`HiddenServAuthorizeClient`, that key will not be used.

I think the operator needs to use it because, in case the client wants
to generate a keypair itself, the operator needs to put the client's
pubkey in this file.

> 
> BTW, I noticed that in v2, when we enable client auth, the onion service
> also edits the `hostname` file to produce different lines for each
> client, so that the operator can copy-paste them directly to the
> users. Do you find that useful? Do you think we should do it too for v3?

I think we did that because in stealth mode, the hostname will change
depending on the client. In v3, the hostname is always static, so I
think we don't have to do that.

More information about the tor-dev mailing list