[tor-bugs] #17239 [Tor]: Implement new key blinding scheme for proposal 224
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Nov 19 15:30:07 UTC 2015
#17239: Implement new key blinding scheme for proposal 224
-------------------------+------------------------------
Reporter: dgoulet | Owner:
Type: enhancement | Status: new
Priority: Medium | Milestone: Tor: 0.2.???
Component: Tor | Version:
Severity: Normal | Resolution:
Keywords: tor-hs | Actual Points:
Parent ID: #12424 | Points: large
Sponsor: |
-------------------------+------------------------------
Comment (by teor):
Replying to [comment:3 teor]:
> We send the same blinded key to each HSDir, and use it to encrypt the
payload.
>
> This allows the HSDir to descrypt the descriptor, which seems
dangerous/unnecessary.
I made a mistake here, the HSDir actually needs the subcredential to
decrypt, which is derived from the credential.
So this is what we're doing already with the separate subcredential
(encryption) and blinded public key (retrieval):
> * use a different blinded key for retrieval and encryption,
But using different blinded keys per replica means that replicas can't
find each other.
Also, what if replicas overlap? We could end up with just 3 HSDirs for a
service.
I'll send a patch in the morning addressing these issues and those in
#17242.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17239#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list