Opened 2 years ago

Last modified 2 months ago

#20742 assigned enhancement

prop224: Implement stealth client authorization

Reported by: asn Owned by: asn
Priority: Very High Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Normal Keywords: prop224, needs-proposal, prop224-extra, tor-hs, client-authorization, stealth-authorization, term-project, 035-removed, hs-auth
Cc: peter@…, dmr Actual Points:
Parent ID: Points: 3
Reviewer: Sponsor: SponsorR-can

Description

prop224 currently does not specify stealth client authorization.

This is a feature from rend-spec.txt which makes the HS create a unique onion address for each authorized client. This way revoked clients cannot get presense information about the hidden service, since they don't know the onion addresses of other clients.

This is useful for cases where authorized clients have a chance of turning adversarial and there is a need for total revocation.

tl;dr: We need to specify stealth auth in prop224, and implement it.

Child Tickets

Change History (16)

comment:1 Changed 2 years ago by dgoulet

Component: - Select a componentCore Tor/Tor
Keywords: needs-proposal added
Milestone: Tor: 0.3.???

comment:2 Changed 2 years ago by dgoulet

Keywords: prop224-extra added

This keyword indicate that it is a nice extra feature to have for prop224 but not needed for the minimal viable implementation.

comment:3 Changed 2 years ago by dgoulet

Milestone: Tor: 0.3.???Tor: 0.3.1.x-final

comment:4 Changed 21 months ago by dgoulet

Milestone: Tor: 0.3.1.x-finalTor: 0.3.2.x-final
Owner: set to asn
Status: newassigned

comment:5 Changed 21 months ago by dgoulet

Keywords: tor-hs added

comment:6 Changed 21 months ago by dgoulet

Priority: MediumVery High
Type: taskenhancement

Prioritize prop224 tickets for 031 milestone. They are all "Enhancement".

comment:7 Changed 17 months ago by dgoulet

Milestone: Tor: 0.3.2.x-finalTor: unspecified

We can't make those for 032 so for now they go in Unspecified.

comment:8 Changed 17 months ago by nickm

Keywords: client-authorization sealth-authorization term-project added

comment:9 Changed 9 months ago by pege

Cc: peter@… added

comment:10 Changed 8 months ago by dmr

Cc: dmr added

comment:11 Changed 8 months ago by teor

Keywords: stealth-authorization added; sealth-authorization removed

comment:12 Changed 5 months ago by nickm

Keywords: 035-roadmap-subtask added
Milestone: Tor: unspecifiedTor: 0.3.5.x-final

Adding this to 0.3.5 because its parent is there, but we can remove this if nobody is doing it.

comment:13 Changed 5 months ago by asn

Keywords: 035-roadmap-subtask removed
Milestone: Tor: 0.3.5.x-finalTor: unspecified

Removing this from 035 because no one is doing it and there is no chance it will happen in 035 timeframe.

comment:14 Changed 5 months ago by nickm

Keywords: 035-removed added

comment:15 Changed 3 months ago by dgoulet

Parent ID: #20700

Removing parent, stealth authorization is something else compared to the "descriptor" authorization.

comment:16 Changed 2 months ago by traumschule

Keywords: hs-auth added

Let onion service authorization related tickets know of each other.

https://gitweb.torproject.org/torspec.git/tree/rend-spec-v3.txt#n615

[TODO: Also specify stealth client authorization.]
(NOTE: client authorization is not implemented as of 0.3.2.1-alpha.)

Note: See TracTickets for help on using tickets.