[tor-bugs] #17239 [Tor]: Implement new key blinding scheme for proposal 224
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Nov 18 01:02:04 UTC 2015
#17239: Implement new key blinding scheme for proposal 224
-------------------------+------------------------------
Reporter: dgoulet | Owner:
Type: enhancement | Status: new
Priority: Medium | Milestone: Tor: 0.2.???
Component: Tor | Version:
Severity: Normal | Resolution:
Keywords: tor-hs | Actual Points:
Parent ID: #12424 | Points: large
Sponsor: |
-------------------------+------------------------------
Comment (by teor):
We send the same blinded key to each HSDir, and use it to encrypt the
payload.

This allows the HSDir to decrypt the descriptor, which seems
dangerous/unnecessary.

It also allows a HSDir to work out which other HSDirs hold descriptors for
the same hidden service.

If we:
 * send different blinded keys to each replica (doing this for spread leaks
   information), and
 * use a different blinded key for retrieval and encryption,
then the HSDir can't decrypt the descriptor or find the other descriptor
replica.

It can only find the other HSDirs in the spread for this descriptor's
replica, which it can do using the hash ring anyway.

See for extensive, over-the-top detail:
https://lists.torproject.org/pipermail/tor-dev/2015-November/009884.html
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17239#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
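
The key separation discussed in the comment above, as an added model that is not part of the ticket and not Tor code. It assumes HMAC-SHA256 as a stand-in for the blinding derivation, a toy SHAKE-256 cipher for the descriptor, and a constructed identity key, period and descriptor; every function name is hypothetical.

```python
import hashlib, hmac

def kdf(secret, label):
    # HMAC-SHA256 stands in for the blinding derivation (assumption, not prop 224's maths)
    return hmac.new(secret, label, hashlib.sha256).digest()

def seal(key, plaintext):
    # Toy authenticated encryption for the demo: SHAKE-256 keystream XOR, then an HMAC tag
    stream = hashlib.shake_256(key).digest(len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    return kdf(key, b"tag" + ct) + ct

def open_sealed(key, blob):
    # Returns the plaintext, or None when the key does not match the tag
    tag, ct = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, kdf(key, b"tag" + ct)):
        return None
    stream = hashlib.shake_256(key).digest(len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))

def publish_shared(identity, period, desc, replicas=2):
    # Behaviour the comment describes: one blinded key for every HSDir, also used to encrypt
    blinded = kdf(identity, b"blind" + period)
    return [(blinded, seal(blinded, desc)) for _ in range(replicas)]

def publish_separated(identity, period, desc, replicas=2):
    # Proposed: per-replica retrieval key, distinct (also per-replica) encryption key
    out = []
    for r in range(1, replicas + 1):
        tail = period + bytes([r])
        out.append((kdf(identity, b"lookup" + tail), seal(kdf(identity, b"encrypt" + tail), desc)))
    return out

def hsdir_can_decrypt(upload):
    # An HSDir holds only the key it was sent and the ciphertext
    return open_sealed(*upload) is not None

def hsdirs_can_link(a, b):
    # Two HSDirs on different replicas compare everything they were sent
    return a[0] == b[0] or a[1] == b[1]

def client_fetch(identity, period, replica, uploads):
    # A client that knows the identity key re-derives both keys for one replica
    tail = period + bytes([replica])
    blob = dict(uploads)[kdf(identity, b"lookup" + tail)]
    return open_sealed(kdf(identity, b"encrypt" + tail), blob)

IDENTITY, PERIOD = b"constructed-service-identity-key", b"period-16757"  # constructed values
DESC = b"intro-points: constructed sample descriptor"
```

The encryption key is derived per replica as well, because a deterministic ciphertext under one shared encryption key would let HSDirs match replicas by comparing the stored blobs.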