On Fri, Jul 29, 2016 at 11:26 AM, George Kadianakis desnacked@riseup.net wrote:
> So basically in this scheme, HSDirs won't be able to verify the signatures of received descriptors.
> The obvious question here is, is this a problem?
I'm not sure I fully understand, so here's a couple of quick questions before I look more deeply. (I'm assuming that descriptors are indexed by their ephemeral address here. If that's wrong and they're indexed by something other than the ephemeral address, my analysis is wrong.)
1) In your scheme, how does descriptor replacement work? In the current scheme, if my introduction points change, I can upload a new descriptor. In this scheme, it seems that either _anyone_ can upload a new descriptor with the same ephemeral address (which is insecure), or descriptors cannot be replaced (which is problematic).
2) Even if descriptors can't be replaced, there's still a problem: What stops an attacker from racing the hidden service to try to upload their own competing descriptor with the same ephemeral address?