[tor-dev] Exposing onion service errors to Tor Browser

Jeremy Rand jeremyrand at airmail.cc
Wed Oct 2 22:19:47 UTC 2019

Drew at FoundingDocuments.org:
> Please forgive me if I misunderstand things, but I thought leaked v3.onion addresses with (properly set up) authorized onion services (authorized_clients/*.auth & corresponding client-side .auth_private) can’t be loaded. Thus providing instant, inexpensive DOS protection, and denying the malevolent (and anyone) the opportunity to even know a specific onion address is in use. And keeping them from trying again later, and again, etc.
> I am definitely in favor of feedback and clear error reporting, but I am not clear about how these authorization-only onion services will be affected. 
> Is tor going to be changed such that unauthorized clients -- clients without a proper .auth_private file -- are going to be able to learn if a specific .onion domain is in use? Will the local tor inform the user that in effect that onion address is in use but perhaps X'F4' or X'F5' ?

AFAIK this proposal has nothing to do with changing the Tor onion
service protocol; it's solely related to conveying errors to the user
that the Tor daemon used by Tor Browser already has access to.  The
security properties of onion services can't be changed by this -- if
they could be, then this would be security by obscurity, which is a scam
that the Tor devs (and any other legitimate software developers) don't
engage in.

-Jeremy Rand
Lead Application Engineer at Namecoin
Mobile email: jeremyrandmobile at airmail.cc
Mobile OpenPGP: 2158 0643 C13B B40F B0FD 5854 B007 A32D AB44 3D9C
Send non-security-critical things to my Mobile with OpenPGP.
Please don't send me unencrypted messages.
My business email jeremy at veclabs.net is having technical issues at the

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20191002/c126301b/attachment.sig>

More information about the tor-dev mailing list