[tor-talk] trusting .onion services

Rejo Zenger rejo at zenger.nl
Sat Jan 23 19:14:42 UTC 2016


++ 20/01/16 21:59 +0000 - Oskar Wendel:
>> [2] OK. Not entirely true, maybe. It may be possible to include those
>> keys in some listing of the directory authorities marking them as bad
>> nodes. This is a manual process.
>
>There should be a possibility to automate this process. Something like...

Yes. Just to make sure: this would solve only the problem that a key of 
an HS may become compromised and some way of revocation should be 
available. It doesn't solve the other issues (such as making sure that some 
key actually does belong to the intended/expected owner).

>1. HS owner realizes that his HS key has been stolen (but he still has 
>his copy)
>
>2. HS owner creates the "revocation message" for the onion address, signs 
>it with his key and submits it to the DHT the same way a HS descriptor 
>is uploaded

The owner could create the revocation message right away and store it 
somewhere safe, just to make sure that if the key is stolen ánd deleted, 
the owner can still create a revocation certificate.



-- 
Rejo Zenger
E rejo at zenger.nl | P +31(0)639642738 | W https://rejo.zenger.nl  
T @rejozenger | J rejo at zenger.nl

OpenPGP   1FBF 7B37 6537 68B1 2532  A4CB 0994 0946 21DB EFD4
XMPP OTR  271A 9186 AFBC 8124 18CF  4BE2 E000 E708 F811 5ACF
Signal    05 EB 38 5C 01 0B 55 6A 19 69 E1 EF C2 99 89 EC 9C
          E4 88 3C 6F E3 7D 58 61 9B 32 E8 DB 9F ED 1B 2A