AFAIK, this should also be possible with the current state of HS descriptor publishing.
It should be possible, yes, but it's not a serious problem due to the decentralised nature of hidden service descriptor publishing. On the other hand I'm under the impression that there's only a few directory servers and that they're critical to the operation of the Tor network, so this would become and issue if directories were used instead. You could potentially cripple the whole network.
Till #8244 is solved, they can even accuse future HSDirs.
That's a good point, actually. It would be more labour intensive to contact future HSDirs, but you could and it would produce the same result.
This is worth thinking about. However, even with the current situation, Hidden Services periodically establish circuits to their HSDirs, so I'm not sure if ditching the hash ring will make any difference.
It would make a difference because currently HSDirs change every 24 hours or so. If directory authorities were used as HSDirs instead they would (probably) be used indefinitely.
On Tue, Nov 12, 2013 at 12:11 AM, George Kadianakis desnacked@riseup.net wrote:
Kang td66bshwu@gmail.com writes:
Here are my thoughts regarding why merging the Hidden Service directory system and regular directory system is a bad idea.
Thanks for your thoughts.
I'm also unsure on whether ditching the hash ring system is a good idea, but here are some comments on your thoughts:
It would mean each directory server effectively has a list of every hidden service in the network. This may or may not be an issue if the descriptors are encrypted.
This should not be an issue when #8106 is implemented. We should only ditch the hash ring after #8106 gets implemented.
Additionally you could clog up the directory servers (potentially causing a DoS situation) by publishing massive quantities of hidden service descriptors. This may already be possible with router descriptors, however, I'm not sure; do directory servers store an arbitrary number of router descriptors from the same IP?
AFAIK, this should also be possible with the current state of HS descriptor publishing.
Since directory servers don't tend to change they would appear responsible for each hidden service, opening up the possibility of lawyer attacks => "we demand you stop hosting descriptors for this criminal hidden service", or "you have been aiding criminals by serving this hidden service's descriptors". Also, since they don't change it would be far more worthwhile for an adversary to try to attack or subvert them. The moving-target system that is currently in place is far stronger against these types of attacks.
IANAL, so I can't really comment on this point.
Still, it seems to me that even with the current hash ring system, someone can accuse HSDirs for hosting descriptors of an HS for the current time period. Till #8244 is solved, they can even accuse future HSDirs.
Lastly since the hidden service will be establishing a circuit to each directory server periodically it may be possible to perform statistical attacks such as a predecessor attack against it. This isn't an issue with router descriptors since the onion routers aren't trying to be anonymous, but it is an issue with hidden service descriptors.
This is worth thinking about. However, even with the current situation, Hidden Services periodically establish circuits to their HSDirs, so I'm not sure if ditching the hash ring will make any difference. _______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev