Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#19923 closed enhancement (fixed)

Upgrade Hidden Service circuits to ntor using keys from the consensus

Reported by: teor
Owned by:
Priority: Medium
Milestone:
Component: Core Tor/Tor
Version:
Severity: Normal
Keywords: 029-proposed, rsos, tor-hs, TorCoreTeam201608
Cc:
Actual Points:
Parent ID:
Points: 1.0
Reviewer:
Sponsor:

Description

Split off #17178 and #19163, depends on both.

Single Onion Services build a one-hop path to the client-provided rendezvous point. This circuit is only secured using SSL and TAP, as the INTRODUCE cell only contains TAP onion keys.

But in most cases, the Single Onion Service can look up the ntor onion key for the rendezvous point in the consensus, and therefore it can upgrade to ntor. (If it doesn't find the rendezvous point in the consensus, it simply continues with TAP.)

My suggested solution is to replace the entire rendezvous point extend_info with the extend_info from the consensus (if found). We should do this for both clients and services, whether using Single Onion Services or Tor2web or not (to avoid introducing new fingerprinting mechanisms).
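The lookup-and-replace described above, as an added sketch that is not code from this ticket, the linked branch, or Tor itself. `rend_extend_info`, `consensus_lookup`, `upgrade_rend_extend_info`, `handshake_for` and the sample consensus entries are hypothetical stand-ins, not Tor's structures or API.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ID_LEN 20 /* length of a relay identity digest */

typedef enum { HANDSHAKE_TAP, HANDSHAKE_NTOR } handshake_t;

/* Simplified, hypothetical extend_info; key material itself is elided. */
typedef struct {
  uint8_t identity[ID_LEN];
  uint32_t addr; /* IPv4 address, host order */
  uint16_t port;
  bool has_ntor_key; /* false when only a TAP onion key is known */
} rend_extend_info;

/* Constructed sample "consensus" of relays known to this side. */
static const rend_extend_info consensus[] = {
  { {0xAA, 0x01}, 0x0A000001u, 9001, true },
  { {0xBB, 0x02}, 0x0A000002u, 443, true },
};

/* Find a relay by identity digest; NULL if it is not in the consensus. */
static const rend_extend_info *consensus_lookup(const uint8_t *identity) {
  for (size_t i = 0; i < sizeof(consensus) / sizeof(consensus[0]); i++)
    if (memcmp(consensus[i].identity, identity, ID_LEN) == 0)
      return &consensus[i];
  return NULL;
}

/* Replace the entire extend_info taken from the INTRODUCE cell with the
 * consensus copy when one exists. The same path runs for every role
 * (client, service, Single Onion Service, Tor2web), so behaviour does not
 * differ by mode. Returns true if the info was replaced. */
bool upgrade_rend_extend_info(rend_extend_info *ei) {
  const rend_extend_info *known = consensus_lookup(ei->identity);
  if (known == NULL)
    return false; /* not in the consensus: continue with TAP */
  *ei = *known;   /* address, port and keys all come from the consensus */
  return true;
}

/* Pick the handshake the resulting extend_info supports. */
handshake_t handshake_for(const rend_extend_info *ei) {
  return ei->has_ntor_key ? HANDSHAKE_NTOR : HANDSHAKE_TAP;
}
```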

Change History (4)

comment:1 Changed 3 years ago by teor

Keywords: sos removed
Milestone: Tor: 0.2.???
Summary: Single Onion Services should upgrade to ntor (if they can) → Upgrade Hidden Service circuits to ntor using keys from the consensus

I've put the Hidden Service / Single Onion Service version of this code in my branch feature19923 on https://github.com/teor2345/tor.git

Further updates to come.

comment:2 Changed 3 years ago by teor

Resolution: fixed
Status: new → closed

I've folded this back into #19163. It merged cleanly.

comment:3 Changed 3 years ago by teor

Milestone: Tor: 0.2.??? → Tor: 0.3.???

Milestone renamed

comment:4 Changed 3 years ago by nickm

Milestone: Tor: 0.3.???

Milestone deleted
