To: tor-talk@lists.torproject.org
References: <20160116212250.GA14827@ix-293.local> <n7p00n$ia8$1@ger.gmane.org>
 <n7p1ov$fib$1@ger.gmane.org>
From: Mirimir <mirimir@riseup.net>
Message-ID: <56A1B596.4070101@riseup.net>
Date: Thu, 21 Jan 2016 21:52:38 -0700
In-Reply-To: <n7p1ov$fib$1@ger.gmane.org>
Subject: Re: [tor-talk] trusting .onion services

On 01/20/2016 03:29 PM, Oskar Wendel wrote:

<snipped many great thoughts about revoking HS descriptors via HSDirs>

> What do you all think?

I agree that HSDirs are the places to handle this. The network already
trusts them not to MitM connections, and send users to malicious HS,
right? And I presume that there is testing for dishonest HSDirs. If not,
there should be.

It would be safest, I think, to simply delete HS descriptors upon
receipt of a valid revocation message, signed by the private key. As
long as operators back up private keys, they can always revoke them. It's
true that adversaries could revoke HS descriptors after stealing private
keys. However, having the site unreachable is arguably the safest
outcome after key compromise.

Private HS keys are often vulnerable, virtually unprotected in remote
hosts. So it's risky to rely on them alone for verifying revocation
messages. However, one could add the option of supplying public GnuPG
keys to HSDirs, signed by HS keys. There could be a time limit on that,
so that it won't become an attack vector. Then HSDirs would require
revocation messages signed by both private HS and GnuPG keys.

It would also be necessary to propagate signed revocation messages among
HSDirs. Each HSDir would check signatures. There's still the risk that
malicious HSDirs would ignore revocation messages. That would require
checking by peers.

Sane?

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
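The scheme sketched in the message above, as an added illustration that is not part of the original post and not Tor code: an HSDir deletes a descriptor only on a revocation message signed by the HS identity key; a secondary key may be registered, signed by the HS key and carrying an expiry; while an unexpired secondary key is on file, a revocation must carry both signatures; and each HSDir re-verifies the signatures itself before forwarding the message to its peers. Ed25519 from Go's standard library stands in for both the HS key and the "GnuPG" key, the payload formats and service name are constructed for this example, and the choice that an expired secondary key simply drops out (so the HS key alone suffices again) is an assumption about the proposal, not something the message specifies.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"time"
)

// Toy model of the proposed revocation flow (added example, not Tor code).
// Ed25519 stands in for both the HS identity key and the secondary "GnuPG" key.

type Descriptor struct {
	OnionID string            // constructed service name, not a real onion address
	PubKey  ed25519.PublicKey // HS identity public key the descriptor is bound to
	Body    string            // descriptor contents, opaque here
}

type secondaryKey struct {
	key     ed25519.PublicKey
	expires time.Time
}

type Revocation struct {
	OnionID      string
	Nonce        string // makes each revocation unique so HSDirs can dedupe it
	HSSig        []byte // signature by the HS identity key
	SecondarySig []byte // signature by the registered secondary key, if any
}

type HSDir struct {
	descriptors map[string]Descriptor
	secondary   map[string]secondaryKey
	seen        map[string]bool // nonces already applied; stops propagation loops
	peers       []*HSDir
}

func NewHSDir() *HSDir {
	return &HSDir{descriptors: map[string]Descriptor{}, secondary: map[string]secondaryKey{}, seen: map[string]bool{}}
}

func (d *HSDir) Publish(desc Descriptor) { d.descriptors[desc.OnionID] = desc }

func (d *HSDir) Has(onionID string) bool { _, ok := d.descriptors[onionID]; return ok }

// Bytes each party signs; both formats are constructed for this example.
func RevocationPayload(onionID, nonce string) []byte {
	return []byte("revoke|" + onionID + "|" + nonce)
}

func SecondaryKeyPayload(onionID string, key ed25519.PublicKey, expires time.Time) []byte {
	return append([]byte("secondary|"+onionID+"|"+expires.UTC().Format(time.RFC3339)+"|"), key...)
}

// RegisterSecondaryKey binds a second public key to a service. It is accepted only if
// the HS identity key signed it and the expiry (the proposed time limit) is in the future.
func (d *HSDir) RegisterSecondaryKey(onionID string, key ed25519.PublicKey, expires time.Time, hsSig []byte, now time.Time) error {
	desc, ok := d.descriptors[onionID]
	if !ok {
		return errors.New("unknown service")
	}
	if !expires.After(now) {
		return errors.New("secondary key expiry is not in the future")
	}
	if !ed25519.Verify(desc.PubKey, SecondaryKeyPayload(onionID, key, expires), hsSig) {
		return errors.New("secondary key not signed by HS identity key")
	}
	d.secondary[onionID] = secondaryKey{key: key, expires: expires}
	return nil
}

// Revoke checks the signatures, deletes the descriptor and forwards the message to
// peers. Each peer re-verifies for itself instead of trusting the forwarding HSDir.
func (d *HSDir) Revoke(r Revocation, now time.Time) error {
	if d.seen[r.Nonce] {
		return nil // already applied, e.g. the same message arrived via two peers
	}
	desc, ok := d.descriptors[r.OnionID]
	if !ok {
		return errors.New("no descriptor for " + r.OnionID)
	}
	payload := RevocationPayload(r.OnionID, r.Nonce)
	if !ed25519.Verify(desc.PubKey, payload, r.HSSig) {
		return errors.New("invalid HS signature")
	}
	// Assumption: while an unexpired secondary key is on file, the HS key alone is not enough.
	if sk, ok := d.secondary[r.OnionID]; ok && sk.expires.After(now) {
		if !ed25519.Verify(sk.key, payload, r.SecondarySig) {
			return errors.New("secondary signature required but invalid or missing")
		}
	}
	delete(d.descriptors, r.OnionID)
	delete(d.secondary, r.OnionID)
	d.seen[r.Nonce] = true
	for _, p := range d.peers {
		_ = p.Revoke(r, now) // peers that never held or already dropped it return errors we ignore
	}
	return nil
}

// Demo: publish on two peered HSDirs, register a secondary key, reject an HS-only
// revocation, then accept a fully signed one and observe it propagate.
func Demo() (rejectedHSOnly, deletedOnA, deletedOnB bool, err error) {
	now := time.Date(2016, 1, 22, 4, 52, 0, 0, time.UTC) // constructed clock
	hsPub, hsPriv, _ := ed25519.GenerateKey(rand.Reader)
	secPub, secPriv, _ := ed25519.GenerateKey(rand.Reader)
	a, b := NewHSDir(), NewHSDir()
	a.peers, b.peers = []*HSDir{b}, []*HSDir{a}
	desc := Descriptor{OnionID: "exampleservice", PubKey: hsPub, Body: "intro points (constructed)"}
	a.Publish(desc)
	b.Publish(desc)
	expires := now.Add(30 * 24 * time.Hour)
	reg := ed25519.Sign(hsPriv, SecondaryKeyPayload(desc.OnionID, secPub, expires))
	for _, dir := range []*HSDir{a, b} {
		if err = dir.RegisterSecondaryKey(desc.OnionID, secPub, expires, reg, now); err != nil {
			return
		}
	}
	payload := RevocationPayload(desc.OnionID, "nonce-1")
	hsOnly := Revocation{OnionID: desc.OnionID, Nonce: "nonce-1", HSSig: ed25519.Sign(hsPriv, payload)}
	rejectedHSOnly = a.Revoke(hsOnly, now) != nil && a.Has(desc.OnionID)
	full := hsOnly
	full.SecondarySig = ed25519.Sign(secPriv, payload)
	if err = a.Revoke(full, now); err != nil {
		return
	}
	deletedOnA, deletedOnB = !a.Has(desc.OnionID), !b.Has(desc.OnionID)
	return
}

func main() {
	rej, da, db, err := Demo()
	fmt.Println("HS-only rejected:", rej, "deleted on A:", da, "propagated to B:", db, "err:", err)
}
```

The `seen` set is what keeps two mutually peered HSDirs from bouncing the same message back and forth; a dishonest HSDir that silently drops valid revocations is outside what this model detects, which is the peer-checking gap the message itself points out.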

