Opened 3 months ago

Last modified 3 months ago

#31857 new defect

Consider adopting vanguard's security suggestions for onionbalance

Reported by: asn
Owned by:
Priority: Medium
Milestone: Tor: unspecified
Component: Core Tor
Version:
Severity: Normal
Keywords: tor-hs scaling onionbalance network-team-roadmap-september tor-spec
Cc: s7r, gk
Actual Points:
Parent ID: #26768
Points:
Reviewer:
Sponsor: Sponsor27-can

Change History (1)

comment:1 Changed 3 months ago by mikeperry

In particular, the most important property is that it should be possible for an onion service to use onionbalance without giving away how many back-end onionbalance instances there are.

Second to that, and ideally, it would be best if it is possible for a service to use onionbalance v3 without it being obvious to clients that the service is using onionbalance at all. So the HSv3 descriptor structure should be the same formatting for the onionbalance case as for the vanilla HSv3 case, and not have different orderings, different numbers of IPs, or recognizable signing oddities.

I'm not sure if this is even feasible with whatever cryptographic tricks we're doing to support v3 (I wish I paid more attention when we were brainstorming among options :/), but maybe there is still a way?

After that, the actual vanguards integration and juggling of the state file is just a nice-to-have.
