[tor-talk] Improved HS key management
Gregory Maxwell
gmaxwell at gmail.com
Sat Dec 28 23:13:34 UTC 2013
On Sat, Dec 28, 2013 at 1:15 PM, grarpamp <grarpamp at gmail.com> wrote:
> On Sat, Dec 28, 2013 at 6:46 AM, Gregory Maxwell <gmaxwell at gmail.com> wrote:
>> One of the current unfortunate properties of hidden services is that
>> the identity of the hidden service is its public key (or the
>
>> This is pretty bad for prudent key management— the key is very high
>> value because its difficult to change, and then stuck always online
>
> It's not difficult to change, you just change it.
> I'm pretty sure there's a ticket open involving most of this key
> management stuff, you could add any missing concepts to it.
> It's been on the list before too. And there's a second gen draft
> proposal on tor-dev/torspec.
It absolutely is difficult to change— you can only "just change it" if
no one uses it. Otherwise you're chasing people to change addresses
on websites and in software, and the static addresses in people's
bookmarks are vulnerabilities— both if the key falls into an attackers
hands but also because if users become used to the URL just changing
they'll believe it when an attacker DOS attacks the URL while
publishing a new one. Copies of the old name lurk around for years
hitting unsuspecting people, etc.
Sure, it's not the end of the world. Life goes on, and even with good
key management possible, many won't use it.
More information about the tor-talk
mailing list