[tor-talk] Onioncat and Tor Hidden Services V3
Bernhard R. Fischer
bf at abenteuerland.at
Sun Sep 15 08:00:26 UTC 2019
On 13.09.19 00:27, grarpamp wrote:
> On 8/20/19, Bernhard R. Fischer <bf at abenteuerland.at> wrote:
>> I finally wrote a HOWTO on using OnionCat with v3 hidden services. I
>> also did some patches to OnionCat to have a better integration.
> Rather than tor killing off v2 onions and HSDirs from the
> codebase, thus ending all the good useful carefully chosen
> and even required reasons people still use v2 and onioncat
> (some of which can be found by searching list archives
> for onioncat, P2P, VoIP, add more uses here)...
The article shows, that it is possible to use OnionCat with HSv3,
although v3 kills the full automatic addressing method.
For having a full automatic addressing (i.e. association between v3-id
und IPv6) some kind of lookup mechanism is necessary. Although this
could theoretically be managed by DNS, this is NOT a solution because of
the well-known DNS leakage problem (and because the private network's
reverse delegations are not globally registered and would need some
IMO a solution could be a HSv3-HSv2 compatibility system within the HS
directory let's call it HSv23.
I propose to create HSv23 entries in the HS dir, which are almost the
same as HSv2 but with an additional field including the HSv3-id and the
signature is created by the HSv3 key. The index (i.e. the onion-id) of
the HSv2a entry is an 80 bit truncated HSv3 id.
The lookup then works as follows:
1. Convert IPv6 to onion-id (80 bit)
2. Retreive the HSv23 entry of the HS dir
3. Retreive the HSv3 entry
4. Check signatures of HSv23 und HSv3 entry
5. Connect to HSv3 service
Recently, I also wrote an Security Considerations article on OnionCat
which also includes a short discussion of the Hsv2/Hsv3 security in
respect to OnionCat:
More information about the tor-talk