Pseudonymous bidirectional user/caller authentication (true P2P)
One big deal that differentiates Tor from all of the P2P networks is that Tor cannot easily be used for true peer-to-peer applications. I assume the reason is there is no way to authenticate an incoming circuit other than by doing some XMPP-like dialback mumbo jumbo. This to me sounds like an unnecessary deficit.
It should be an option for Tor users or applications to store the key used in end-to-end communications with a hidden service such that they can pseudonymously reappear as the same entity when reconnecting at a later time.
They could also have the ability to use the identity of their own hidden service in outgoing calls, making it thus trivial for any receiver to call back.
Use cases are not only all sorts of P2P applications such as Tor-based instant messengers, chat and social networking systems, but even the mere manageability of users on forum-like hidden websites. Instead of forcing visitors to go through the terrible procedures of name registration, captcha compliance and password storage, they could simply be identified by their pseudonymous identity and possibly gain privileges on the site by time spent or other interaction criteria. In other words, pseudonymous authentication would play out systemic strengths of Tor's public-key-based routing in a way that makes websites more pleasurable to use than with the regular Internet.
From my humble understanding of the Tor architecture, only two changes are needed:
- An API for apps and users to classify the interaction with certain onions as pseudonymous rather than anonymous.
- An API for hidden services to access the pseudonymous authentication data when provided.
Trac:
Username: vynX
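The forum use case in this ticket, sketched as an added example that is not part of the original ticket and not a Tor API: the visitor keeps one stored Ed25519 key per onion and answers a single-use challenge, and the service derives the pseudonym from the public key. `Service`, `Client`, `transcript`, the `pseudo-auth-v1` label and `constructed.onion` are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Service models a forum-like onion site (hypothetical, not a Tor API).
type Service struct {
	onion   string
	pending map[string]bool // nonces issued and not yet used
	visits  map[string]int  // pseudonym -> authenticated logins
}
// Challenge issues a single-use random nonce for one login attempt.
func (s *Service) Challenge() []byte {
	n := make([]byte, 32)
	rand.Read(n)
	s.pending[string(n)] = true
	return n
}
// transcript binds a signature to one onion, so it is useless at another.
func transcript(onion string, n []byte) []byte { return append([]byte("pseudo-auth-v1|"+onion+"|"), n...) }
// Login consumes the nonce, verifies, and returns pseudonym and login count.
func (s *Service) Login(pub ed25519.PublicKey, n, sig []byte) (string, int, bool) {
	fresh := s.pending[string(n)]
	delete(s.pending, string(n)) // consumed even when verification fails
	if !fresh || len(pub) != ed25519.PublicKeySize || !ed25519.Verify(pub, transcript(s.onion, n), sig) {
		return "", 0, false
	}
	id := fmt.Sprintf("%x", sha256.Sum256(pub))[:16]
	s.visits[id]++
	return id, s.visits[id], true
}
// Client stores one key per onion (stable per site, unlinkable across sites);
// Respond signs the challenge, creating the key on first contact.
type Client map[string]ed25519.PrivateKey
func (c Client) Respond(onion string, n []byte) (ed25519.PublicKey, []byte) {
	if c[onion] == nil {
		_, c[onion], _ = ed25519.GenerateKey(rand.Reader)
	}
	return c[onion].Public().(ed25519.PublicKey), ed25519.Sign(c[onion], transcript(onion, n))
}

func main() {
	s := &Service{"constructed.onion", map[string]bool{}, map[string]int{}}
	n := s.Challenge()
	pub, sig := Client{}.Respond(s.onion, n)
	fmt.Println(s.Login(pub, n, sig))
}
```

The login count stands in for the "privileges by time spent" idea: the site accumulates state against the key-derived pseudonym without any registration or password.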