[tor-dev] Proposal: End-to-end encrypted onion services for non-Tor clients

Donncha O'Cearbhaill donncha at donncha.is
Tue Sep 15 13:31:22 UTC 2015


Yawning Angel:
> On Mon, 14 Sep 2015 16:12:23 +0000
> Donncha O'Cearbhaill <donncha at donncha.is> wrote:
>> I have been thinking about ideas to make Tor hidden services more
>> available and secure for non-Tor users. Inline I've included a draft
>> proposal which describes an end-to-end encrypted Tor2Web-like system. 
>>
>> I'm really interested in hearing any suggestions, comments or
>> criticism about this proposal. In particular I'd like to know if the
>> trust requirements for the entry proxies and resolvers seem
>> reasonable? Does this proposal make sense and is it something worth
>> implementing?
> 
> I don't understand the use case for this, given the design presented.
> 
> If the HS operator is willing to register a domain, run a public name
> server, and pay for a CA cert, why host the actual content on a Tor
> HS?

I think that a hidden service operator should be able to run this
anonymously.  It's possible to purchase domain names anonymously and
soon it will (hopefully) be possible to obtain a CA cert for free from
the LetsEncrypt CA.

The public name server would typically not be run by the hidden service
operator but by an independent third-party provider.

> 
> It should be emphasized that the user has absolutely zero anonymity
> under this scheme, in that anyone tapping the link between the user
> and the proxy can see what domain the user is trying to view.  Anyone
> with the capability to inject RSTs can censor on a per-site basis as
> well.

You're right, the complete lack of user anonymity is a major trade-off and
should be emphasised strongly in this scheme.

I see this proposal as simply an extension and enhancement of Tor2Web.
It makes the same anonymity tradeoffs but provides end-to-end encryption
and allows the hidden service operator to use their own domain name.

Tor2Web is by necessity very centralised. They need to share their
wildcard CA cert amongst all participating Tor2Web nodes. The limited
number of nodes also puts the service at constant risk of outages.

This proposal would allow a more decentralised system while
improving usability and confidentiality for the user.

Regards,
Donncha
