[tor-bugs] #28275 [Core Tor/Tor]: hs-v3: Rotate intro points and close RP circuits when removing client auth service side
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Nov 1 19:08:59 UTC 2018
#28275: hs-v3: Rotate intro points and close RP circuits when removing client auth
service side
------------------------------+------------------------------------
Reporter: dgoulet | Owner: (none)
Type: defect | Status: new
Priority: Very High | Milestone: Tor: 0.3.5.x-final
Component: Core Tor/Tor | Version: Tor: 0.3.5.1-alpha
Severity: Normal | Resolution:
Keywords: security, tor-hs | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
------------------------------+------------------------------------
Comment (by dgoulet):
Replying to [comment:2 arma]:
> Also rotating all the intro points will mess up clients that have the
> existing descriptor (and intro points) cached, right? Imagine an onion
> service with a pile of clients who are authorized to reach it, but that
> keeps rearranging its set of acceptable clients, in an automated way, due
> to some policy it has. If it keeps shifting its intro points at each
> change, it could really undermine its reachability.

Yes and this becomes even more annoying if we close all RP circuits
(because service doesn't know which circuit is which client) every time a
client is *removed* from the configuration...

But I still think that there has to be some assumption from an operator
that once the client auth has been removed, after the HUP, that client CAN
NOT have access to the service. Equivalent of a tor restart basically.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28275#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online