Hi, this is my service: http://chatme.im/servizi/tor-onions-service/

2015-10-16 15:07 GMT+02:00 Dave Cridland <[email protected]>:

> On 15 October 2015 at 21:07, Finn Herzfeld <[email protected]> wrote:
>
>> That's pretty cool, but this whole mapping thing seems broken. Would
>> there be a way for a server to probe another server over the clearnet
>> for an onion address, then it can cache that and build its own list? I
>> don't know a ton about the actual XMPP wire protocol so I'm not sure how
>> best to go about that, but it seems like something that could be done.
>
> Discovery is, of course, possible, but it's problematic because no direct,
> unseeded discovery protocol is going to be immune to metadata scanning. If
> you look up SRV records, that's pretty easy to track, and then the Tor
> session is not much better than a TLS one (albeit fewer chances of
> interception; but the same ones are probably easiest).
>
> Instead, we might construct a protocol whereby a server starts with a seed
> list of services from a trusted source and then gradually learns about
> other servers as it requests lists from its peers. It's possible to do this
> without trusting all the servers giving you the list, too, if you use
> BFT-style algorithms or signed content.
>
> However... even this is only safe in Prosody because it doesn't perform
> OCSP lookups (or indeed any status checking). Traditional OCSP is again
> quite easy to track, so you need to use a combination of stapling and
> consistently refreshed CRLs.
>
> Dave.
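
The seed-list discovery idea in the quoted message, sketched as an added example that is not part of the thread and not code from Prosody or any XMPP server. It assumes a simple f+1 agreement rule as the "BFT-style" check; the function names, domains and onion addresses are constructed for illustration.

```python
from collections import Counter, defaultdict

def merge_round(trusted, reports, f):
    """One gossip round: accept a new domain -> onion mapping only when at
    least f+1 already-trusted peers report the same value (f = tolerated liars)."""
    votes = defaultdict(Counter)
    for peer, listing in reports.items():
        if peer not in trusted:              # lists from unknown servers carry no weight
            continue
        for domain, onion in listing.items():
            votes[domain][onion] += 1        # one vote per peer per domain
    accepted, rejected = dict(trusted), {}
    for domain, counter in votes.items():
        if domain in trusted:                # gossip never overwrites a known mapping
            bad = {o: n for o, n in counter.items() if o != trusted[domain]}
            if bad:
                rejected[domain] = bad
            continue
        winners = [o for o, n in counter.items() if n >= f + 1]
        if len(winners) == 1:
            accepted[domain] = winners[0]
        else:                                # too few votes, or conflicting quorums
            rejected[domain] = dict(counter)
    return accepted, rejected

def learn(seed, network, f, max_rounds=5):
    """Start from the seed list and keep asking trusted peers until nothing new is learned."""
    trusted = dict(seed)
    for _ in range(max_rounds):
        reports = {p: network[p] for p in trusted if p in network}
        updated, _ = merge_round(trusted, reports, f)
        if updated == trusted:
            break
        trusted = updated
    return trusted

# Constructed sample data: three seed servers, one of which (c.example) lies.
SEED = {"a.example": "aaaaaaaaaaaaaaaa.onion",
        "b.example": "bbbbbbbbbbbbbbbb.onion",
        "c.example": "cccccccccccccccc.onion"}
NETWORK = {
    "a.example": {"d.example": "dddddddddddddddd.onion"},
    "b.example": {"d.example": "dddddddddddddddd.onion", "e.example": "eeeeeeeeeeeeeeee.onion"},
    "c.example": {"d.example": "xxxxxxxxxxxxxxxx.onion", "e.example": "yyyyyyyyyyyyyyyy.onion"},
    "d.example": {"e.example": "eeeeeeeeeeeeeeee.onion"},
}

if __name__ == "__main__":
    for domain, onion in sorted(learn(SEED, NETWORK, f=1).items()):
        print(domain, "->", onion)
```

With `f=1`, `d.example` is learned in the first round and `e.example` only in the second, once `d.example` counts as a trusted peer; the lying peer's values never reach the threshold.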
