[tor-bugs] #3507 [Tor Hidden Services]: Allow tor hidden services to delegate to operational public keys
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Thu Sep 29 23:05:11 UTC 2011
#3507: Allow tor hidden services to delegate to operational public keys
---------------------------------+------------------------------------------
Reporter: pde                    | Owner: rransom
Type: enhancement                | Status: new
Priority: normal                 | Milestone:
Component: Tor Hidden Services   | Version:
Keywords:                        | Parent:
Points:                          | Actualpoints:
---------------------------------+------------------------------------------
Comment(by pde):

Under scheme (1), where the hidden service key is airgapped, and a set of
pre-computed, signed descriptors for the operational key is stored on the
operational server, the tricky question is "how large should that
pre-computed set of descriptors be?".

If it's small, the service operator will have to frequently use their
airgapped system to make new descriptors and install them on the
operational system.

If it's large, then an attacker who compromises the operational system
will be able to keep control (or at least partial control?) of the hidden
service for an extended period of time.

Designs (2) and (3) have the virtue that the operator does not need to
ferry data between their airgapped and operational systems, unless and
until the operational system is compromised.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3507#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online