Message-ID: <54F58AAD.5010000@donncha.is>
Date: Tue, 03 Mar 2015 10:19:25 +0000
From: Donncha O'Cearbhaill <donncha@donncha.is>
MIME-Version: 1.0
To: tor-talk@lists.torproject.org
References: <54F506C7.6020202@adrienj.com>
 <CALoT2zYkwUEguD-bN+hsePTK8a+G=HRWju6s3yGtiQA5+G5Waw@mail.gmail.com>
 <54F51F38.30902@adrienj.com>
 <CAKrUFkh4fd9tkssVXiUs0g_X5vRYH2FBA4Te0nJGRtyM2Qy0dw@mail.gmail.com>
 <54F524EE.3050400@adrienj.com>
In-Reply-To: <54F524EE.3050400@adrienj.com>
OpenPGP: url=http://donncha.is/donncha.asc
Subject: Re: [tor-talk] Revoking a hidden service key
Content-Type: multipart/mixed; boundary="===============4160417849375824166=="

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============4160417849375824166==
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature";
 boundary="UdNcPtGP8L3h9e31INIFjidopAqBucPlE"

--UdNcPtGP8L3h9e31INIFjidopAqBucPlE
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

Alternatively the original hidden service operator could publish hidden
service descriptors with a normal validity period which contain a
revocation field. A HSDir which receives a descriptor containing the
revocation could replace the (potentially malicious) HS descriptor
stored in its cache.

A client could be shown an alert that the hidden service they are
attempting to access has been compromised/revoked and should not be used
in future. A HS operator would then keep broadcasting the revocation
descriptor until such time that all clients are likely to have been
notified. This kind of replacement approach would allow revocation
without placing any more load or memory demands on the network.

In practice do HS operators have a need to revoke hidden service keys?

On 03/03/15 03:05, Adrien Johnson wrote:
> A solution might be to allow hidden service revocation descriptors to
> expire after a long time, and to be updated by the hidden service
> operator, but only as a new revocation descriptor which has a later
> expiration date. That way the Tor network can eventually forget about
> revoked hidden services which are no longer used and where the operator
> no longer feels there is a threat of impersonation.
>
> On 2015-03-02 9:50 PM, Max Bond wrote:
>> It seems like the only way this scheme could work is if the directories
>> remembered which services had issued revocations, making compromises
>> expensive for the whole network and opening the door for
>> denial-of-service attacks that affect hidden services as a whole.
>>
>> I would counter propose that you set up a Twitter account which tweets
>> about the status of your hidden service, where you could make an
>> emergency announcement. Perhaps you could have a passcode required to
>> enter the site that changes on a daily basis and is announced from
>> twitter, so that your users get in the habit of checking twitter before
>> logging in to your site.
>>
>> On Mon, Mar 2, 2015 at 6:40 PM, Adrien Johnson <adrienj@adrienj.com>
>> wrote:
>>
>>> Deleting your key and taking down your service would prevent further
>>> compromise of your system, but if your private key was already
>>> stolen, it wouldn't stop an attacker from continuing to announce your
>>> key and running an imposter service.
>>>
>>> --
>>> tor-talk mailing list - tor-talk@lists.torproject.org
>>> To unsubscribe or change other settings go to
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>>>
>


--UdNcPtGP8L3h9e31INIFjidopAqBucPlE--

--===============4160417849375824166==--
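
The replacement behaviour proposed in the message above, modelled as an added example that is not part of the original post and is not Tor's code: an HSDir cache holding one descriptor per service, where a revocation descriptor overwrites the cached one and simply expires if it is not rebroadcast. The descriptor fields, the 24-hour validity period, the rule that an unexpired revocation is not overwritten by a normal descriptor, and the omission of signature checks (descriptors are taken as already verified against the service key) are all assumptions.

```python
from dataclasses import dataclass

VALIDITY = 24 * 3600  # assumed "normal validity period", in seconds

@dataclass(frozen=True)
class Descriptor:             # hypothetical, simplified descriptor
    onion: str                # service identifier
    published: int            # publication time, seconds
    revoked: bool = False     # the proposed revocation field
    intro_points: tuple = ()  # empty for a revocation descriptor

    def expired(self, now):
        return now >= self.published + VALIDITY

class HSDirCache:
    """One slot per service, so revocations cost no extra memory."""
    def __init__(self):
        self.store = {}

    def publish(self, desc, now):
        if desc.expired(now):
            return False
        cur = self.store.get(desc.onion)
        if cur is not None and cur.expired(now):
            cur = None                    # expired entries are forgotten
        if cur is not None:
            if cur.revoked and not desc.revoked:
                return False              # assumption: a live revocation wins
            if desc.revoked == cur.revoked and desc.published <= cur.published:
                return False              # stale or replayed upload
        self.store[desc.onion] = desc     # replaces the cached descriptor
        return True

    def fetch(self, onion, now):
        desc = self.store.get(onion)
        if desc is None or desc.expired(now):
            self.store.pop(onion, None)   # nothing is remembered after expiry
            return None
        return desc

def client_connect(cache, onion, now):
    desc = cache.fetch(onion, now)
    if desc is None:
        return "unavailable"
    if desc.revoked:
        return "ALERT: service key revoked, do not use"
    return "connect via " + ",".join(desc.intro_points)
```

Because the cache forgets the revocation once its validity period ends, a normal descriptor signed with the same key is accepted again afterwards, which is why the operator has to keep rebroadcasting.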

