From: str4d <str4d@i2pmail.org>
To: tor-talk@lists.torproject.org
References: <20150517112641-728-3379-mailpile@mailpile-home>
 <20150517163526.D57CBAE412@smtp.postman.i2p>
In-Reply-To: <20150517163526.D57CBAE412@smtp.postman.i2p>
Message-Id: <20150518234723.156EBAE418@smtp.postman.i2p>
Date: Mon, 18 May 2015 23:47:23 +0000 (UTC)
Subject: Re: [tor-talk] Making a Site Available as both a Hidden Service and
 on the www - thoughts?


carlo von lynX wrote:
> On Sun, May 17, 2015 at 11:26:41AM -0000, Ben wrote:
>> Anti-abuse scripts
>> --------------------------
>> 
>> There are some off-the-shelf protections built into the site.
>> Given they were designed for the www, they can (and do) ban any
>> IP that's seen as a repeat offender.
>> 
>> Either an exclusion needs to be made, or the HS will sometimes
>> show 'nice' visitors a potentially rude message :)
> 
> When running a HS you don't get *any* clue where the circuit is
> coming from so the off-the-shelf protections may fail. It would be
> cool if Tor was to introduce bidirectionally authenticated circuits
> - that would allow for proper P2P apps over Tor - and in your case
> allow for users to consciously choose pseudonymity instead of
> anonymity (by storing the public key they used to access your site
> last time). This allows you as the site owner to apply behavioral
> ranking logic to pseudonymous users without annoying them with a
> registration.
> 

If the patch to give each inbound circuit its own temporary "IP
address" [0] were ever to be committed, then you could potentially use
off-the-shelf protections to protect HSs. However, the local addresses
are only ever temporarily unique, because they are derived from the
circuit ID; the protection application would need to be carefully
configured so that its timeouts matched the expected durations for
which a circuit ID is expected to be unique.

Bidirectionally-authenticated circuits (like I2P's tunnels) are
certainly a better way to enable protections like these, but
off-the-shelf applications won't work with them. I2P "solves" this by
implementing the protection itself, including some general rate
limiting features in server tunnels that drop connections before the
webserver ever sees them. It also includes a unique local address per
client feature like [0] for use with off-the-shelf applications, but
this is open to collisions (because the client hash space does not fit
into the IPv4 or IPv6 localhost address space).

str4d

[0] https://lists.torproject.org/pipermail/tor-dev/2014-March/006576.html
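Added example, not part of the message above and not Tor or I2P code: a sketch of the two caveats raised in the reply, namely collisions when client identities are folded into the 127.0.0.0/8 loopback range, and a ban that outlives the period for which a local address is unique. The truncated-SHA-256 mapping, the client names and all function names are assumptions made for illustration.

```python
import hashlib
import ipaddress
import math

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
HOST_BITS = 32 - LOOPBACK.prefixlen          # 24 bits of room for client identities

def local_addr(client_hash: bytes) -> ipaddress.IPv4Address:
    """Fold a client identity into 127.0.0.0/8 (assumed scheme: truncated SHA-256)."""
    host = int.from_bytes(hashlib.sha256(client_hash).digest()[:4], "big")
    return LOOPBACK.network_address + (host & ((1 << HOST_BITS) - 1))

def collision_probability(n_clients: int, bits: int = HOST_BITS) -> float:
    """Birthday approximation: chance that any two of n clients share an address."""
    return 1.0 - math.exp(-n_clients * (n_clients - 1) / (2 * 2 ** bits))

def shared_addresses(n_clients: int) -> int:
    """Count constructed clients that land on an address already in use."""
    addrs = {local_addr(b"constructed-client-%d" % i) for i in range(n_clients)}
    return n_clients - len(addrs)

class ExpiringBanList:
    """Per-address ban list; entries lapse ttl seconds after the ban."""
    def __init__(self, ttl: float):
        self.ttl = ttl
        self._banned_at = {}

    def ban(self, addr, now: float) -> None:
        self._banned_at[addr] = now

    def is_banned(self, addr, now: float) -> bool:
        t = self._banned_at.get(addr)
        return t is not None and now - t < self.ttl

def bystander_blocked(ban_ttl: float, reuse_after: float) -> bool:
    """An address is banned at t=0, then handed to an unrelated client at reuse_after."""
    bans = ExpiringBanList(ban_ttl)
    addr = local_addr(b"constructed-abusive-client")
    bans.ban(addr, now=0.0)
    return bans.is_banned(addr, now=reuse_after)

if __name__ == "__main__":
    print("P(collision) with 5000 clients: %.3f" % collision_probability(5000))
    print("shared addresses among 50000 constructed clients:", shared_addresses(50000))
    print("1 h ban, address reused after 10 min:", bystander_blocked(3600, 600))
    print("5 min ban, address reused after 10 min:", bystander_blocked(300, 600))
```

With 24 usable bits the collision probability passes one half at under five thousand clients, so a per-address ban can land on a visitor who merely shares the address; keeping the ban lifetime below the address reuse interval avoids the second case.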

