[tor-dev] Proposal xxx: Filtering malicious rendezvous points at hidden service server side
Tim Wilson-Brown - teor
teor2345 at gmail.com
Sat Jan 23 23:51:04 UTC 2016
> On 24 Jan 2016, at 09:28, s7r <s7r at sky-ip.org> wrote:
>
> > * This will break some Tor2Web installations, which deliberately
> > choose rendezvous points on the same server or network for latency
> > reasons. (Forcing Tor2Web installations to choose multiple RPs may
> > be a worthwhile security tradeoff.)
> >
> Yes, but there is a HiddenServiceRendFilter 0 in the proposal for this
> purpose and for RSOS services as well.

But that doesn't help clients to connect to every hidden service using
the same rendezvous points for every connection, unless every hidden
service sets HiddenServiceRendFilter 0.

Tor2Web instances are Tor clients that are configured as reverse proxies
to the entire Tor hidden service address space.

HiddenServiceRendFilter 0 only modifies the behaviour of one hidden
service with Tor2Web. But because Tor2Web is a client which is configured
to use the same rendezvous point(s) for every hidden service connection,
it will get banned if it connects to the same hidden service too many times.

Tim

Tim Wilson-Brown (teor)
teor2345 at gmail dot com
PGP 968F094B
teor at blah dot im
OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F