Delivery-Date: Tue, 26 May 2015 05:36:38 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED,T_DKIM_INVALID,T_RP_MATCHES_RCVD autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 8E7CA1E034C;
	Tue, 26 May 2015 05:36:36 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 074FC34CCD;
	Tue, 26 May 2015 09:36:30 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id D5DEF34BEF
 for <tor-talk@lists.torproject.org>; Tue, 26 May 2015 09:36:26 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id LPnRd8AL_NGK for <tor-talk@lists.torproject.org>;
 Tue, 26 May 2015 09:36:26 +0000 (UTC)
Received: from windmill.donncha.is (unknown [IPv6:2001:41d0:8:da8a::1])
 by eugeni.torproject.org (Postfix) with ESMTP id 8443E34BDC
 for <tor-talk@lists.torproject.org>; Tue, 26 May 2015 09:36:26 +0000 (UTC)
Received: from [10.10.0.6] (vpn.tcd.pirates.ie [92.51.245.81])
 by windmill.donncha.is (Postfix) with ESMTPSA id 2287C1FC
 for <tor-talk@lists.torproject.org>; Tue, 26 May 2015 12:20:43 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=donncha.is; s=dkim;
 t=1432635643; bh=InYFTIUB4Z9ctIIjNoG1pEFcR5Obe2byuHaTPCF4yxA=;
 h=Date:From:To:Subject:From;
 b=nWqA57s2/CEnPBtYNKpy98yAKbZzXvqUyhbh+Wq/D+GhPvfGZgJurvf658fqdFxWz
 x88WAlkGzanPVpwgd2bXPPtfhQopVPWVE+K2oqpM2Zwf5GQQzC464m5rUmrEKY/P5M
 6XPgFIorAsY9HywpozNXhyI7l+lkJKYlnx3wpf2k=
Message-ID: <55643E87.4070108@donncha.is>
Date: Tue, 26 May 2015 10:36:07 +0100
From: Donncha O'Cearbhaill <donncha@donncha.is>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
 rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: tor-talk@lists.torproject.org
OpenPGP: url=http://donncha.is/donncha.asc
Subject: [tor-talk] Hidden Service Scaling Summer of Privacy Project
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============0675868560998418032=="
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============0675868560998418032==
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature";
 boundary="CQT6saj3KisdjASCAMMtOSbBuXPJvS5NI"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--CQT6saj3KisdjASCAMMtOSbBuXPJvS5NI
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Hi all,

I'll be working this summer on a project to help scale hidden services
and make them more resilient as part of Tor's Summer of Privacy [1].

I am interested in hearing from all existing hidden service operators.
In particular I'd like to understand the use-cases, priorities and
limitations for people who are experience the current limitations of the
hidden service subsystem. There have been anecdotal reports on the Tor
bug tracker that hidden services have trouble scaling to more than 100
concurrent connections [2]. Is this something that operators here have
experienced? There has also been recent DoS campaigns affecting Tor
hidden services which have been challenging to mitigate.

In my project I hope to produce a tool which will allow a hidden service
to be backed my multiple Tor instances which can be spread across
multiple servers and geographical locations. I am considering some of
the following features and I'd be interested to hear how useful they
might be for your onion service:

 - Redundant hidden service hosting with no single point of failure.
 - Secure storage of hidden service keys away from the Tor service on
   smartcards or HSM's
 - From a security perspective, would you prefer to minimize the
software running on the onion service instance servers or minimize
connections to the management server which has access to the service keys=
?

I've anyone has time to share, I'd be very interested in learning about
your experiences and current challenges. I'd also be delighted to hear
about any other features that may be useful to the HS community. Thank
you in advanced for your consideration, I hope that my project may be
useful for your onion services after the summer.

Kind Regards,
Donncha O'Cearbhaill

[1]
https://blog.torproject.org/blog/interview-tor-summer-privacy-student-don=
ncha-ocearbhaill
[2] https://trac.torproject.org/projects/tor/ticket/8902
Full Proposal: https://gist.github.com/DonnchaC/03ad5cd0b8ead0ae9e30



--CQT6saj3KisdjASCAMMtOSbBuXPJvS5NI
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQGcBAEBCgAGBQJVZD6PAAoJENYNZOc0WPKFdFgL/R79XucIjZqWWSpWrzZ3mN3Q
M9leQIVxnfZ4mXDypzDk26oIOnKWPxXvu8ZMhTX36BOLHv6kkkISKnAFiESovkzq
RuDoInuYE0krSCxxM51mJE4RImHYInsAMJXmIifC4B/TrhCyli5loHxkJFSlD4rp
879YYMaN7KZ37hu5Y9nlUESWknWfRNsfw1Vl8S7FywA0yS6XB9lVNzu8slvlAkUZ
TjB2lO3qQQaEjYb+cg/C215WBNHPbpJ+ne42uqrtz9JSshYQtK57i6/Mxmktp9/f
gtG7cV60jcCFXCVQtmcs63CtBikPgpfp+/d/DX1f4W7JAwBfRWMPIrKG/WhNQRiL
gVlEJ/SK6jbFBMqb7pOPgO1yzJix9tnD2uWA4jmFbIDZNC1j+llv1MGUyatDLYTU
4OZSSxe/gN/fPjaBEbN8og2D12zJIBZvxgvxLJN7t21sP4wt/UCJ2cr1Bpa2Ixe2
fEw2hg7iCeIXG3ge6KXk6pRlthjuEaRRU0P4a8wlUA==
=+80C
-----END PGP SIGNATURE-----

--CQT6saj3KisdjASCAMMtOSbBuXPJvS5NI--

--===============0675868560998418032==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

--===============0675868560998418032==--

