[tor-dev] Potential projects for SponsorR (Hidden Services)
George Kadianakis
desnacked at riseup.net
Wed Oct 22 21:58:41 UTC 2014
Virgil Griffith <i at virgil.gr> writes:
>> - Opt-in HS indexing service
>
> I offer to captain and lead development of this one.
>
Thanks for offering to help!
My main goal with this project would be to increase visibility of
Hidden Services: make it easy for people to find Hidden Services that
want to be found.
Search engines are very important for this, since they basically make
the Internet easy and fast to navigate [0].
However, I see a few advantages of doing this directly on the Tor
client instead of relying exclusively on HS search engines:
a) Currently, an HS operator that wants to get more visitors has to
find an HS search engine and insert her HS in there. Or advertise
in forums. Or hope that the HS gets noticed and linked from
somewhere (and that existing HS search engines crawl links).
This future would allow the HS operator to add:
PublicHiddenService 1
in her torrc, and automatically the HS would register itself
somewhere and search engines would auto-learn about it [1].
b) By baking this feature in the Tor client, you can do digital
signatures using the HS identity key which might allow secure
naming systems to be built.
For example, you could send to the HS authority a signed name for
your HS and a signed HS descriptor. And the HS authority could
maintain a {petname : signed descriptor} map that would give
assurance to clients that the name was actually chosen by the HS
with that descriptor.
But to be honest, I haven't really thought about this topic and I
don't believe strongly in my arguments above.
What I would do as the first step here would be to understand whether
this idea has value. Maybe it's something that adds extra complexity,
and HS operators should just do manually. To do that I think we should
enumerate the various use cases and solutions that can be offered.
Use case examples:
- HS Social network that wants to increase its userbase
- IRC network that wants to increase its userbase
- HS website that suffers from phishing and vanity key attacks.
- ...
Notice that some use cases want visibility and other might want
security. Can an Opt-In HS indexing service help them?
What solutions could be offered:
- An HS authority that archives HS names or descriptor. HS search
engines and clients can look up descriptors. What's the threat model
of the authority? Should it be hosted by Tor or not necessarily?
- An HS authority that facilitates some sort of petname scheme. But
with what interface? A TBB plugin? How are the I2P guys doing it?
- Output a file in DataDirectory that people are supposed to submit to
an HS authority if they want.
- A GNS setup that offers secure/decentralized/human-memorable naming
system. But what to do with all those zones and master zones and
stuff? I don't know how to make that usable (both for clients and HS
operators).
- Maybe none of these things should happen, and this is entirely a bad
idea that adds more code to Tor, has dangerous misconfiguration
consequences, has dangerous phishing potential and doesn't really
add any value.
- More ideas.
This is more of a braindump, but a more structured response would need
to wait many days, so release early release often :)
Let me know if you find this interesting and what are your thoughts :)
[0]: See
https://moderncrypto.org/mail-archive/messaging/2014/000944.html
for an analysis on why people use search engines instead of the
address bar.
[1]: Let's leave bikeshedding about the name of the torrc option and
how alarmist it should be for later.
More information about the tor-dev
mailing list