[tor-dev] Hidden Service authorization UI
Ximin Luo
infinity0 at torproject.org
Fri Nov 21 12:25:17 UTC 2014
On 09/11/14 12:50, George Kadianakis wrote:
> Hidden Service authorization is a pretty obscure feature of HSes, that
> can be quite useful for small-to-medium HSes.
>
> Basically, it allows client access control during the introduction
> step. If the client doesn't prove itself, the Hidden Service will not
> poroceed to the rendezvous step.
>
> This allows HS operators to block access in a lower level than the
> application-layer. It also prevents guard discovery attacks since the
> HS will not show up in the rendezvous. It's also a way for current
> HSes to hide their address and list of IPs from the HSDirs (we get
> this for free in rend-spec-ng.txt).
>
> In the current HS implementation there are two ways to do authorization:
> https://gitweb.torproject.org/torspec.git/blob/HEAD:/rend-spec.txt#l768
> both have different threat models.
>
https://gitweb.torproject.org/torspec.git/blob/HEAD:/rend-spec.txt#l936
936 "client-key" NL a public key in PEM format
A private key is what's actually generated. Not sure if it's a bug in the spec, or a bug in tor. From a quick read of the rest of it, I'm guessing the spec?
X
--
GPG: 4096R/1318EFAC5FBBDBCE
git://github.com/infinity0/pubkeys.git
More information about the tor-dev
mailing list