Opened 5 years ago

Last modified 10 months ago

#14854 new defect

Document the hardlimit of HiddenServiceAuthorizeClient basic

Reported by: cypherpunks Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Normal Keywords: tor-hs, tor-doc, hs-auth
Cc: special Actual Points:
Parent ID: Points: .1
Reviewer: Sponsor:

Description

I ran some tests on HiddenServiceAuthorizeClient basic auth-type and found that it stopped working when I created 49 or more clients.
I started with 10 clients and kept adding 10 more at a time. When I had 39 clients, the hidden service worked, but when I added 10 more, the hostname and client_keys were generated as expected, but hidden service stopped working for all of the clients.

HiddenServiceDir /var/lib/tor/test_public/ # tlxnxx74fpmkw2qh.onion
HiddenServicePort 80 127.0.0.1:80
HiddenServiceAuthorizeClient basic \
tlx_cl01, \
tlx_cl02, \
tlx_cl03, \
...
tlx_cl47, \
tlx_cl48, \
tlx_cl49

According to the man page and the specs, the stealth mode doesn't work for more than 16 clients, but implied that the basic mode should work.

Child Tickets

Change History (13)

comment:1 Changed 5 years ago by cypherpunks

Component: - Select a componentTor

It would be nice if an exact hardlimit is documented.

comment:2 Changed 5 years ago by nickm

Keywords: tor-hs added
Milestone: Tor: 0.2.???

comment:3 Changed 5 years ago by arma

Keywords: SponsorR added

comment:4 Changed 4 years ago by nickm

Keywords: SponsorR removed
Sponsor: SponsorR

Bulk-replace SponsorR keyword with SponsorR sponsor field in Tor component.

comment:5 Changed 4 years ago by special

Cc: special added
Severity: Normal

comment:6 Changed 4 years ago by dgoulet

Sponsor: SponsorRSponsorR-can

Move those from SponsorR to SponsorR-can.

comment:7 Changed 3 years ago by teor

Milestone: Tor: 0.2.???Tor: 0.3.???

Milestone renamed

comment:8 Changed 3 years ago by nickm

Keywords: tor-03-unspecified-201612 added
Milestone: Tor: 0.3.???Tor: unspecified

Finally admitting that 0.3.??? was a euphemism for Tor: unspecified all along.

comment:9 Changed 2 years ago by nickm

Keywords: tor-03-unspecified-201612 removed

Remove an old triaging keyword.

comment:10 Changed 2 years ago by dgoulet

Keywords: tor-doc added
Sponsor: SponsorR-can
Summary: HiddenServiceAuthorizeClient basic is not scalable.Document the hardlimit of HiddenServiceAuthorizeClient basic

comment:11 Changed 2 years ago by nickm

Points: .1

comment:12 Changed 12 months ago by traumschule

Keywords: hs-auth added

Let onion service authorization related tickets know of each other.

https://gitweb.torproject.org/torspec.git/tree/rend-spec-v3.txt#n615

[TODO: Also specify stealth client authorization.]
(NOTE: client authorization is not implemented as of 0.3.2.1-alpha.)

comment:13 Changed 10 months ago by amitrana

remove every thing

Note: See TracTickets for help on using tickets.