Delivery-Date: Mon, 02 Mar 2015 21:50:34 -0500
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.1 required=5.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED,FREEMAIL_FROM,RCVD_IN_DNSWL_MED,T_DKIM_INVALID,T_RP_MATCHES_RCVD,
	URIBL_BLOCKED autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 96FD81E0A5E
	for <archiver@seul.org>; Mon,  2 Mar 2015 21:50:32 -0500 (EST)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 1689233FF6;
	Tue,  3 Mar 2015 02:50:29 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id AE8D633FE6
 for <tor-talk@lists.torproject.org>; Tue,  3 Mar 2015 02:50:18 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id ezhI2Venx8c3 for <tor-talk@lists.torproject.org>;
 Tue,  3 Mar 2015 02:50:18 +0000 (UTC)
Received: from mail-wg0-x22b.google.com (mail-wg0-x22b.google.com
 [IPv6:2a00:1450:400c:c00::22b])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 64EAF33FE5
 for <tor-talk@lists.torproject.org>; Tue,  3 Mar 2015 02:50:18 +0000 (UTC)
Received: by wghl18 with SMTP id l18so37240321wgh.8
 for <tor-talk@lists.torproject.org>; Mon, 02 Mar 2015 18:50:15 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:in-reply-to:references:date:message-id:subject:from:to
 :content-type; bh=nvvEUbHWZICf4I7xePYAADgkcwUPY/sF2OqQ0LqpISc=;
 b=TtIWJAGyRMUQBQ4dl/FrgULxhDkgAK45jnk8ebAI6KbZA+vdMKJrjOypgY4ddkAAwN
 IF+IvdKlPw/aRXQL4gyl9lp3acajKKka5v7lPVi5apw0TJll3FfP+3eAggkafJ5+bJFz
 NAnPiLChAaPF7D1rAmGD/bunQTzBBWS3JRmESGWbL+NArAKcygA8WPeB2wtTeDEDA3nc
 MDhz2pgYhMp2jLZdKGPgLCM6rraKZ2Yb6x/LKTjuR98Lcoru3u168U9IVOZhh72xglcI
 7bk4/vBlLYujVTAttKg6LUN34eCck6fzhXC8I3BI+W/kWuwbP7S1NVoaMaL8MPfTstYl
 POig==
MIME-Version: 1.0
X-Received: by 10.194.173.138 with SMTP id bk10mr62553312wjc.112.1425351015596; 
 Mon, 02 Mar 2015 18:50:15 -0800 (PST)
Received: by 10.27.51.77 with HTTP; Mon, 2 Mar 2015 18:50:15 -0800 (PST)
In-Reply-To: <54F51F38.30902@adrienj.com>
References: <54F506C7.6020202@adrienj.com>
 <CALoT2zYkwUEguD-bN+hsePTK8a+G=HRWju6s3yGtiQA5+G5Waw@mail.gmail.com>
 <54F51F38.30902@adrienj.com>
Date: Mon, 2 Mar 2015 18:50:15 -0800
Message-ID: <CAKrUFkh4fd9tkssVXiUs0g_X5vRYH2FBA4Te0nJGRtyM2Qy0dw@mail.gmail.com>
From: Max Bond <max.o.bond@gmail.com>
To: tor-talk@lists.torproject.org
X-Content-Filtered-By: Mailman/MimeDel 2.1.15
Subject: Re: [tor-talk] Revoking a hidden service key
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

It seems like the only way this scheme could work is if the directories
remembered which services had issued revocations, making compromises
expensive for the whole network and opening the door for denial-of-service
attacks that effect hidden services as a whole.

I would counter propose that you set up a Twitter account which tweets
about the status of your hidden service, where you could make an emergency
announcement. Perhaps you could have a passcode required to enter the site
that changes on a daily basis and is announced from twitter, so that your
users get in the habit of checking twitter before logging in to your site.

On Mon, Mar 2, 2015 at 6:40 PM, Adrien Johnson <adrienj@adrienj.com> wrote:

> Deleting your key and taking down your service would prevent further
> compromise of your system, but if your private key was already stolen, it
> wouldn't stop an attacker from continuing to announce your key and running
> an imposter service.
>
> --
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

