[tor-talk] Revoking a hidden service key
Adrien Johnson
adrienj at adrienj.com
Tue Mar 3 03:05:18 UTC 2015
A solution might be to allow hidden service revocation descriptors to
expire after a long time, and to be updated by the hidden service
operator, but only as a new revocation descriptor which has a later
expiration date. That way the Tor network can eventually forget about
revoked hidden services which are no longer used and where the operator
no longer feels there is a threat of impersonation.
On 2015-03-02 9:50 PM, Max Bond wrote:
> It seems like the only way this scheme could work is if the directories
> remembered which services had issued revocations, making compromises
> expensive for the whole network and opening the door for denial-of-service
> attacks that affect hidden services as a whole.
>
> I would counter-propose that you set up a Twitter account which tweets
> about the status of your hidden service, where you could make an emergency
> announcement. Perhaps you could have a passcode required to enter the site
> that changes on a daily basis and is announced from Twitter, so that your
> users get in the habit of checking Twitter before logging in to your site.
>
> On Mon, Mar 2, 2015 at 6:40 PM, Adrien Johnson <adrienj at adrienj.com> wrote:
>
>> Deleting your key and taking down your service would prevent further
>> compromise of your system, but if your private key was already stolen, it
>> wouldn't stop an attacker from continuing to announce your key and running
>> an imposter service.