[tor-bugs] #16062 [Tor]: Pseudonymous bidirectional user/caller authentication (true P2P)

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon May 18 11:31:29 UTC 2015


#16062: Pseudonymous bidirectional user/caller authentication (true P2P)
-----------------------------+-----------------
     Reporter:  vynX         |      Owner:
         Type:  enhancement  |     Status:  new
     Priority:  normal       |  Milestone:
    Component:  Tor          |    Version:
   Resolution:               |   Keywords:
Actual Points:               |  Parent ID:
       Points:               |
-----------------------------+-----------------

Comment (by ioerror):

 Replying to [ticket:16062 vynX]:
 > One big deal that differentiates Tor from all of the P2P networks is
 that Tor cannot easily be used for true peer-to-peer applications.

 How do you decide that? Every client can publish a globally (inside of
 Tor) reachable address, eg: foo.onion - anyone can thus reach that client,
 if they wish to use that address. Every client can choose their route
 through the network and connect to any .onion and any ipv4 or ipv6
 address.

 In what way is that not allowing for so-called "true peer-to-peer
 applications" exactly?

 > I assume the reason is there is no way to authenticate an incoming
 circuit other than by doing some XMPP-like dialback mumbo jumbo. This to
 me sounds like an unnecessary deficit.

 There is a way to do AAA for incoming connections - Please read the manual
 page:

        HiddenServiceAuthorizeClient auth-type client-name,client-name,...
            If configured, the hidden service is accessible for authorized
            clients only. The auth-type can either be 'basic' for a
            general-purpose authorization protocol or 'stealth' for a less
            scalable protocol that also hides service activity from
            unauthorized clients. Only clients that are listed here are
            authorized to access the hidden service. Valid client names are
 1
            to 16 characters long and only use characters in A-Za-z0-9+-_
 (no
            spaces). If this option is set, the hidden service is not
            accessible for clients without authorization any more.
 Generated
            authorization data can be found in the hostname file. Clients
 need
            to put this authorization data in their configuration file
 using
            HidServAuth.

 That is exactly a way to ensure that a connection is from a specific user.
 It won't matter which circuit is used at all - rather the specific streams
 will all be tied to the user. I'm not sure how you'd get that it was alice
 vs bob (assuming both have an auth token) - I think you can get that from
 the control port but I'm not sure. You may be able to do something cool
 with UnixSockets for example but I think no one has done that as of yet.

 >
 > It should be an option for Tor users or applications to store the key
 used in end-to-end communications with a hidden service such that they can
 pseudonymously reappear as the same entity when reconnecting at a later
 time.

 That is a higher application level thing in my view if the auth token
 above doesn't work for your use. That is - your HTTPS server behind a Tor
 Hidden Service can use client certificates or some other application level
 thing. There is no reason a client can't generate a keypair and use it for
 each request (assuming an http like protocol, for example).

 Or I guess something like this might work with a Tor Hidden Service out of
 the box: https://sipb.mit.edu/doc/apache-client-certs/

 >
 > They could also have the ability to use the identity of their own hidden
 service in outgoing calls, making it thus trivial for any receiver to call
 back.

 So in this case, you've designed some application that runs on top of a
 Tor Hidden Services and sure, it would be possible for clients to have a
 .onion, for servers to connect to that .onion and for servers to issue a
 per client .onion too. There is some care that needs to be taken here or
 you will be generating a lot of connections or generating a lot of
 .onions...

 It could be that a user generates a certificate, includes their own .onion
 in the cert and perhaps even an auth token to be passed to Tor, for
 example.

 >
 > Use cases are not only all sorts of P2P applications such as Tor-based
 instant messengers, chat and social networking systems, but even the mere
 manageability of users on forum-like hidden websites. Instead of forcing
 visitors to go through the terrible procedures of name registration,
 captcha compliance and password storage, they could simply be identified
 by their pseudonymous identity and possibly gain privileges on the site by
 time spent or other interaction criteria. In other words, pseudonymous
 authentication would play out systemic strengths of Tor's public-key-based
 routing in a way that makes websites more pleasurable to use than with the
 regular Internet.

 If I understand your idea for an application design, I don't think
 anything needs to change inside of Tor except that a given authorized user
 needs to have a hint attached to a socket (tcp or unix). I may not fully
 understand it though...

 >
 > From my humble understanding of the Tor architecture, only two changes
 are needed:
 > – An API for apps and users to classify the interaction with certain
 onions as pseudonymous rather than anonymous.

 If you want that - you can give a client an authorized hidden service -
 the .onion and the token are unique per user. In addition, you can use the
 stealth (rather than basic) mode for a higher level of security (at a
 cost).

 > – An API for hidden services to access the pseudonymous authentication
 data when provided.

 You can use SETCONF to generate hidden services on the fly. I believe you
 can use that to generate hidden services that require authentication.
 Either way, the higher level application needs to talk to the Tor
 Controller, I think. I believe that the Tor Controller will tell you that
 you have an incoming connection from user alice and then you can patch
 that data to your higher level application.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16062#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list