[tor-talk] ng-rend-spec and very public services

l.m ter.one.leeboi at hush.com
Tue Jun 2 16:01:02 UTC 2015


So I was thinking, perhaps incorrectly, that ng-rend-spec doesn't do
enough to protect very public onion services. Sure, there are
advantages to the proposed changes. What if the adversary is also
someone who can derive the credentials? Encrypted descriptors don't do
much if you can throw SIGINT at HSDirs to determine when they're used.
Even less if you happen to be a HSDir who knows a list of public onion
services and you want to know if you're in possession of any of their
descriptors. If you happen to be using OnioNS you've got another
contributing factor in the form of the onion service lookup leaking
intent to resolve.

Tell me I'm just being paranoid.


More information about the tor-talk mailing list