Date: Sat, 23 Jan 2016 20:14:42 +0100
From: Rejo Zenger <rejo@zenger.nl>
To: tor-talk@lists.torproject.org
Message-ID: <20160123191442.GA2981@ix.home>
References: <20160116212250.GA14827@ix-293.local> <n7p00n$ia8$1@ger.gmane.org>
In-Reply-To: <n7p00n$ia8$1@ger.gmane.org>
Subject: Re: [tor-talk] trusting .onion services

++ 20/01/16 21:59 +0000 - Oskar Wendel:
>> [2] OK. Not entirely true, maybe. It may be possible to include those
>> key in some listing of the directory authorities marking them as bad
>> nodes. This is a manual process.
>
>There should be a possibility to automate this process. Something like...

Yes. Just to make sure: this would solve only the problem that a key of
HS may become compromised and some way of revocation should be
available. It doesn't solve the other issues (as, making sure that some
key actually does belong to the intended/expected owner).

>1. HS owner realizes that his HS key has been stolen (but he still has
>his copy)
>
>2. HS owner creates the "revocation message" for the onion address, signs
>it with his key and submits it to the DHT the same way a HS descriptor
>is uploaded

The owner could create the revocation message right away and store it
somewhere safe, just to make sure that if the key is stolen ánd deleted,
the owner can still create a revocation certificate.



-- 
Rejo Zenger
E rejo@zenger.nl | P +31(0)639642738 | W https://rejo.zenger.nl
T @rejozenger | J rejo@zenger.nl

OpenPGP   1FBF 7B37 6537 68B1 2532  A4CB 0994 0946 21DB EFD4
XMPP OTR  271A 9186 AFBC 8124 18CF  4BE2 E000 E708 F811 5ACF
Signal    05 EB 38 5C 01 0B 55 6A 19 69 E1 EF C2 99 89 EC 9C
          E4 88 3C 6F E3 7D 58 61 9B 32 E8 DB 9F ED 1B 2A
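
The pre-signed revocation idea from the message above, sketched with OpenSSL as an added example (not part of the original post, and not an existing Tor feature). The `REVOKE <address>` message format, the file layout and the function names are assumptions made for illustration; the address is derived the way 16-character onion addresses were at the time of this thread.

```shell
#!/bin/sh
# Added illustration. "REVOKE <addr>" is a hypothetical message format;
# Tor defines no such message. All keys here are constructed throwaways.
set -eu

# Onion address as derived when this thread was written: base32 of the first
# 80 bits of SHA-1 over the DER-encoded (PKCS#1) RSA public key.
onion_addr() {                      # $1 = public key, PEM
    openssl rsa -pubin -in "$1" -RSAPublicKey_out -outform DER 2>/dev/null |
        openssl dgst -sha1 -binary | head -c 10 | base32 | tr 'A-Z' 'a-z'
}

# Run once, while the owner still holds the private key.
make_revocation() {                 # $1 = private key, $2 = output prefix
    openssl rsa -in "$1" -pubout -out "$2.pub" 2>/dev/null
    printf 'REVOKE %s\n' "$(onion_addr "$2.pub")" > "$2.msg"
    openssl dgst -sha256 -sign "$1" -out "$2.sig" "$2.msg"
}

# Needs only the stored files, never the private key.
verify_revocation() {               # $1 = prefix, $2 = address being checked
    [ "$(onion_addr "$1.pub")" = "$2" ] || return 1   # key hashes to address
    [ "$(cat "$1.msg")" = "REVOKE $2" ] || return 1   # message names it
    openssl dgst -sha256 -verify "$1.pub" -signature "$1.sig" "$1.msg" \
        >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d)
    openssl genrsa -out "$d/hs.key" 2048 2>/dev/null
    make_revocation "$d/hs.key" "$d/rev"
    addr=$(onion_addr "$d/rev.pub")
    rm -f "$d/hs.key"               # key is gone: "stolen and deleted"
    if verify_revocation "$d/rev" "$addr"; then
        echo "stored revocation for $addr.onion still verifies"
    fi
    rm -rf "$d"
}
demo
```

The stored `.msg`, `.sig` and `.pub` files are themselves sensitive: anyone who obtains them can publish the revocation, so they belong offline alongside the key backup.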

