[tor-relays] Combined relay and hidden service, good idea or not?

Tortilla tortilla at mantablue.com
Mon Jan 8 21:03:15 UTC 2018



On Mon, January 8, 2018 2:21 am, Florentin Rochet wrote:
> Hey Tortilla,
>
> Sorry for the late reply:
>
> On 2018-01-05 21:13, Tortilla wrote:
>>> The issue is fixed by adding the above warning message: if you care
>>> about your hidden service's "hidden" property, do not run a relay on
>>> the same process.
>> Would you mind elaborating?  As I read the tracker link, the issue was
>> an informational leak in bandwidth reporting that has now been solved
>> and closed.  As such, the startup warning is misleading unless there
>> are other concerns (such as Igor's below) and in which case, the
>> warning should be re-worded.  Why do you say it is *fixed* by adding a
>> warning?
>
> https://trac.torproject.org/8742 issue is already a stronger concern
> than Igor's point, and there are more. The informational leak in
> bandwidth is still there today, since these measurements are public. The
> issue is marked as fixed because, if you do relay+HS, you get a warning
> "not secure" that links to a possible attack (#8742) to recover your
> HS's location.
>
> To be honest, I don't really get why you feel that the startup warning
> is misleading. Is it because it links a fixed and closed trac issue?

Now I understand.  The misunderstanding was because the description of the
issue lists three "Possible solutions," none of which include merely
adding a startup warning and punting on the real solution.  And yes,
because the issue is marked as closed.  Seems a little weak to consider
the issue closed, at least IF it's not considered impossible due to other
design constraints, and the comments on the issue don't give that
impression.

So I had assumed that with the issue being closed, one of the "Possible
solutions" had been implemented and the information was no longer being
leaked.  I do think it's pretty important for people reading that startup
warning and following the link to see that the issue is in fact NOT fixed.

Whoever has permission to do so really should re-open the issue!

Thanks for your other comments, Florentin.


