[tor-dev] User perception of onion service discovery

teor teor2345 at gmail.com
Sun Oct 15 12:03:27 UTC 2017


> On 15 Oct 2017, at 04:08, Alec Muffett <alec.muffett at gmail.com> wrote:
> 
>> On 14 October 2017 at 19:43, dawuud <dawuud at riseup.net> wrote:
>> Plaintext communications intermediaries like tor2web violate the end
>> to end principle and the principle of least authority. If we as the
>> Tor community are committed to human rights then it follows we would
>> abolish terrible things like tor2web or at least frown upon its use.
> 
> 
> 
> I would recommend continuing to enable/support Tor2Web, or at least not moving to make such a solution inoperable.

v2 onion service Tor2web would be easy for HSDirs to block, due to an
implementation bug. We've chosen not to block it. But we haven't spent
much time on fixing its bugs, either.

As far as I am aware, no-one is writing Tor2web for v3 onion services.

We have open tickets for protecting relays that handle onion service traffic
from knowing both the client and service IP address.

So if anyone does write v3 Tor2web, they will need to write it so it:
* uses a 3-hop path for all descriptors, because otherwise that can be used
  for a selective denial of service;
* uses a 3-hop path to connect to intro and rend when a descriptor has the
  single onion service flag;
* retries using a 3-hop path on failure (internal reachability or actual
  connection failure).

And I'm not sure whether we would merge this feature into core tor, due to the
user security issues that David and others have mentioned.

T