Changes between Initial Version and Version 60 of Ticket #17945


Ignore:
Timestamp:
Jul 2, 2018, 5:17:42 AM (13 months ago)
Author:
teor
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #17945

    • Property Status changed from new to accepted
    • Property Parent ID changed from #17178 to #24962
    • Property Actual Points changed from to 0.4
    • Property Summary changed from Stop Tor2Web connecting to (Rendezvous) Single Onion Services to Stop single hop client connections to Single Onion Services
    • Property Owner set to dgoulet
    • Property Points changed from to 5
    • Property Milestone changed from Tor: 0.2.8.x-final to Tor: unspecified
    • Property Keywords tor2web tor-hs 029-proposed 029-teor-no needs-design needs-proposal-maybe single-onion review-group-33 034-triage-20180328 034-removed-20180328 added; rsos sos removed
    • Property Reviewer changed from to asn, teor
  • Ticket #17945 – Description

    initial v60  
    1 Tor2Web clients make a one-hop connection to the rendezvous point. Rendezvous Single Onion Services also make a one-hop connection to the rendezvous point. (Single Onion Services expect a client to make an extend request to the Single Onion Service at the end of a 3-hop path.)
     1Tor2Web clients make a one-hop connection to HSDirs, intro points, and rend points. Single Onion Services also make a one-hop connection to the rendezvous point.
    22
    3 This uses Tor as a one-hop proxy (in this case, to a single onion service), which we try to avoid, because it enables certain attacks.
     3This uses Tor as a one-hop proxy (in this case, to a single onion service), which we try to avoid, because it enables certain attacks. We also try to avoid single hop connections in the onion service protocol, because they give IP addresses to middle relays.
    44
    5 For Rendezvous Single Onion Services, I don't know how to prevent this happening. (Should the rendezvous point intervene? Should we add something to the RSOS descriptor?)
    6 
    7 For Single Onion Services, we can modify the Tor2Web client code so it doesn't make the SOS extend request, but falls back to rendezvous mode.
     5See the child tickets for details.