[tor-talk] hidden services 2.0 brainstorming

Fabio Pietrosanti (naif) lists at infosecurity.ch
Wed Jul 11 15:43:52 UTC 2012


Yo,

i really appreciate such discussion about empowering TorHS, a lot of
work still have to be done to make proper leverage of the capabilities
that TorHS provide.

On 7/11/12 5:36 PM, proper wrote:
> I think the concept of hidden services has a lot potential. Not only
> because they are hidden. Let's face it:
> - You get a free domain for live.
> - You get transparent, free end to end encryption. No flawed root CA system.
> - That's something remarkable, isn't it?
> 
> With some modifications/improvements they could be potentially used for
> any website, such as as e-commerce, google, twitter, facebook etc.

Don't exaggerate, it still need a software client to access them, so the
usability is heavily impacted.
This imply that TorHS are not for general uses in the context of mutual
anonymity .

> 
> hidden services "1.0" as of July 2012 features:
> - "optional" [1] client anonymity
Standard Tor Client are always anonymous.
> - "optional" [2] server anonymity
Server is always anonymous.
> - somewhat slow both, when client anonymity and server anonymity are active
> - free live time domain
> - no domain registrar can mess up
> - somewhat [3] secure
> - very few useful legitimate hidden services exist [4]
> 
> ideas for hidden services "2.0":
> - Marketing: Free domain for live!
> - Marketing: Safer than SSL!
It's not a replacement to SSL, it provide some good end-to-end crypto
but does not provide you the same feature of SSL (like
identification/authentication of a trust chain, client side
authentication, certificate protection, etc).
> - "optional" [1] client anonymity
Standard Tor Client are always anonymous.
> - "optional" server anonymity
Server is always anonymous.
> - add an option to let the server and/or client connect non-anonymously [6]
> - somewhat slow both, client anonymity and server anonymity are active
Please consider that most of the issues with TorHS are not related to
bandwidth but are related to responsiveness (round-trip).
> - fast if only one uses anonymity
> - very fast if none use anonymity
> - establish new human friendly name system [7]
> - improved stability, reachability, performance and dos protection features
> 
> advantages:
> - More legitimate hidden services. Better reputation for Tor.
> - Real solution for the flawed root CA system.
> - Say goodbye to the DNS hierarchy system, DNS spoofing etc. Free
> domains, domain security depends on local security, not on registrar /
> DNS system.
> - Tor gets more known and gets more relay / bridge contributors.
> - Safes exit bandwidth.
> 
> [1] Optional because if Tor2webMode is set to 1: Tor connects to hidden
> services non-anonymously. As far I know it connects to the rondevouz
> point directly, server of course stays anonymous.
That's something only for tor2web uses, where it's explained that there
is NO anonymity for the client.
As a safeguard tor2web mode need to be enabled at build-time and it's
not generally available in publicly available Tor binaries.

> [2] There are exit enclaves. The server acts as exit and allows to exit
> to it's own IP.
The Tor exit enclaves are not based on Tor HS.
As far as i remember Tor Exit Enclaves are "dead".

> [3] Please don't make that the topic here. What I mean is the domain
> name may not be long enough, weak sha1 hash and the encryption keys are
> not the most up to date, strongest ones.
There's still no way to secure the TorHS key provided by Tor.
I'd love if someone would take on
https://trac.torproject.org/projects/tor/ticket/5976 .

> [4] Depends on opinion, anyway, much more legitimate and useful servers
> can not hurt. Let's not make this the topic here.
> [5] One hop circuit or can you even make a 0 hop circuit, i.e. direct
> connection?
> [6] Non-anonymous domains could use something else, not .onion.
> [7] There is already at least one proposal, pet name system.
I would love if someone would implement something like that, we got some
ideas to work.

Imho we may have to discuss / and/or formalize better a concept to make
a Tor2web network grow exponentially and with somehow automatic network
joining/leaving/adaptation with NO manual intervention.

That way it may be possible to create a big Tor2web network, acting as a
public access backbone to TorHS (always inviting the client to download
and use Tor, explaining with a big warning they are not anonymous)

If many very cool service on TorHS starts, it would operate as an
stimulus to use TorHS, exposing that Websites over the internet
(client-free = maximum usability).

-naif


More information about the tor-talk mailing list