[tor-dev] Proposal 320: Removing TAP usage from v2 onion services

Ian Goldberg iang at uwaterloo.ca
Mon May 11 21:58:31 UTC 2020


On Mon, May 11, 2020 at 04:47:53PM -0400, Nick Mathewson wrote:
> ## INTRODUCE cells, RENDEZVOUS cells, and ntor.
> 
> We allow clients to specify the rendezvous point's ntor key in the
> INTRODUCE2 cell instead of the TAP key.  To do this, the client
> simply sets KLEN to 32, and includes the ntor key for the relay.
> 
> Clients should only use ntor keys in this way if the network parameter
> "hsv2-client-rend-ntor" is set to 1, and if the entry "allow-rend-ntor"
> is present in the onion service descriptor.
> 
> Services should only advertise "allow-rend-ntor" in this way if the
> network parameter "hsv2-service-rend-ntor" is set to 1.

It should be stronger, right? A service that does not advertise
allow-rend-ntor (because hsv2-service-rend-ntor is unset) MUST reject an
ntor key, even if the service actually does support it?  Otherwise a
client could simply try it even if support is not advertised?
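
The difference between the two readings discussed above, as an added example (not part of this message or of Tor's code). The struct, function names and the simplified input, a buffer starting at the KLEN field, are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define NTOR_KEY_LEN 32   /* KLEN value the proposal assigns to ntor keys */

enum rend_key_verdict { REND_KEY_TAP, REND_KEY_NTOR, REND_KEY_REJECT };

/* Hypothetical service state; field names are illustrative. */
struct service_state {
    int consensus_service_rend_ntor; /* value of "hsv2-service-rend-ntor" */
    int build_supports_ntor;         /* code can do ntor to a rend point */
};

/* The service advertises "allow-rend-ntor" only when the parameter is 1. */
static int advertises_allow_rend_ntor(const struct service_state *s)
{
    return s->build_supports_ntor && s->consensus_service_rend_ntor == 1;
}

/* Constructed sample: KLEN = 32 (big-endian) followed by 32 zero bytes. */
static const uint8_t sample_ntor_field[2 + NTOR_KEY_LEN] = { 0x00, 0x20 };

/* buf points at the KLEN field: 2-byte big-endian length, then the key.
 * strict != 0: reject ntor keys unless allow-rend-ntor is advertised.
 * strict == 0: accept ntor keys whenever the build supports them. */
enum rend_key_verdict classify_rend_key(const struct service_state *s,
                                        const uint8_t *buf, size_t len,
                                        int strict)
{
    if (buf == NULL || len < 2)
        return REND_KEY_REJECT;
    size_t klen = ((size_t)buf[0] << 8) | buf[1];
    if (klen == 0 || klen > len - 2)   /* empty or truncated key */
        return REND_KEY_REJECT;
    if (klen != NTOR_KEY_LEN)
        return REND_KEY_TAP;           /* left to the existing TAP key path */
    if (!s->build_supports_ntor)
        return REND_KEY_REJECT;
    if (strict && !advertises_allow_rend_ntor(s))
        return REND_KEY_REJECT;        /* not advertised, so not accepted */
    return REND_KEY_NTOR;
}
```

With strict set to 0, a client that ignores the descriptor still gets an ntor rendezvous while the parameter is unset, so the parameter only gates advertisement and not behaviour.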

