Re: [tor-dev] sketch: An alternative prop224 authentication mechanism based on curve25519

2016-12-06 Thread s7r
Thanks Lunar for bringing this into discussion. See below. David Goulet wrote: > On 06 Dec (17:23:10), Lunar wrote: >> Hi! >> >> Sorry to be late to the party. I still haven't seen UX concerns fully >> addressed, and I think we should not create a specification that will >> make the life of our

Re: [tor-dev] sketch: An alternative prop224 authentication mechanism based on curve25519

2016-12-06 Thread David Goulet
On 06 Dec (17:23:10), Lunar wrote: > Hi! > > Sorry to be late to the party. I still haven't seen UX concerns fully > addressed, and I think we should not create a specification that will > make the life of our users harder if we can avoid it. I believe it can be addressed by a good UI in TBB

Re: [tor-dev] sketch: An alternative prop224 authentication mechanism based on curve25519

2016-12-06 Thread Lunar
Hi! Sorry to be late to the party. I still haven't seen UX concerns fully addressed, and I think we should not create a specification that will make the life of our users harder if we can avoid it. s7r: > George Kadianakis wrote: > > I have a more mature torspec branch now for your eyes and

Re: [tor-dev] sketch: An alternative prop224 authentication mechanism based on curve25519

2016-12-01 Thread George Kadianakis
George Kadianakis writes: > Nick Mathewson writes: > >> [ text/plain ] >> Hi! I thought I'd write this up while it was fresh in my mind. It >> could be used as an alternative method to the current proposed client >> authentication mechanism. We

Re: [tor-dev] sketch: An alternative prop224 authentication mechanism based on curve25519

2016-11-25 Thread s7r
Hello, George Kadianakis wrote: > Nick Mathewson writes: > >> [ text/plain ] >> Hi! I thought I'd write this up while it was fresh in my mind. It >> could be used as an alternative method to the current proposed client >> authentication mechanism. We could implement

Re: [tor-dev] sketch: An alternative prop224 authentication mechanism based on curve25519

2016-11-23 Thread George Kadianakis
Nick Mathewson writes: > [ text/plain ] > Hi! I thought I'd write this up while it was fresh in my mind. It > could be used as an alternative method to the current proposed client > authentication mechanism. We could implement both, or just this, or > just the other. > >

Re: [tor-dev] sketch: An alternative prop224 authentication mechanism based on curve25519

2016-11-19 Thread Nima Fatemi
> - I feel that the max settings imposed by the 50k max size limit, will satisfy > most crazy hidden service use cases that someone might have wrt scalability > or number of authed clients. It can support up to 350 authed clients, and 20 > intro points. We should increase the max size limit,

Re: [tor-dev] sketch: An alternative prop224 authentication mechanism based on curve25519

2016-11-18 Thread George Kadianakis
David Goulet writes: > [ text/plain ] > On 15 Nov (16:29:33), George Kadianakis wrote: >> Nick Mathewson writes: >> >> >> >> Hello, >> >> I worked some more on prop224 client authorization. I have a draft >> torspec patch at prop224_client_auth_3 in

Re: [tor-dev] sketch: An alternative prop224 authentication mechanism based on curve25519

2016-11-17 Thread teor
> On 18 Nov. 2016, at 09:20, David Goulet wrote: > > On 18 Nov (08:27:53), teor wrote: >> >>> On 18 Nov. 2016, at 03:52, David Goulet wrote: >>> I ended up using the x25519 scheme described above by Nick. I also ended up dodging the

Re: [tor-dev] sketch: An alternative prop224 authentication mechanism based on curve25519

2016-11-17 Thread David Goulet
On 18 Nov (08:27:53), teor wrote: > > > On 18 Nov. 2016, at 03:52, David Goulet wrote: > > > >> > >> I ended up using the x25519 scheme described above by Nick. > >> > >> I also ended up dodging the UX questions raised on this thread, by only > >> specifying the Tor

Re: [tor-dev] sketch: An alternative prop224 authentication mechanism based on curve25519

2016-11-17 Thread teor
> On 18 Nov. 2016, at 03:52, David Goulet wrote: > >> >> I ended up using the x25519 scheme described above by Nick. >> >> I also ended up dodging the UX questions raised on this thread, by only >> specifying the Tor protocol level details, and leaving the out-of-band >>

Re: [tor-dev] sketch: An alternative prop224 authentication mechanism based on curve25519

2016-11-17 Thread David Goulet
On 15 Nov (16:29:33), George Kadianakis wrote: > Nick Mathewson writes: > > > [ text/plain ] > > Hi! I thought I'd write this up while it was fresh in my mind. It > > could be used as an alternative method to the current proposed client > > authentication mechanism. We

Re: [tor-dev] sketch: An alternative prop224 authentication mechanism based on curve25519

2016-11-15 Thread George Kadianakis
Nick Mathewson writes: > [ text/plain ] > Hi! I thought I'd write this up while it was fresh in my mind. It > could be used as an alternative method to the current proposed client > authentication mechanism. We could implement both, or just this, or > just the other. > >

Re: [tor-dev] sketch: An alternative prop224 authentication mechanism based on curve25519

2016-11-12 Thread meejah
George Kadianakis writes: > Also, it means that clients need to _securely_ send credentials to the > HS operator and then they need to _wait_ till the HS operator adds > those creds to Tor, before they are able to visit the HS. One thing that might help here is Brian

Re: [tor-dev] sketch: An alternative prop224 authentication mechanism based on curve25519

2016-11-12 Thread meejah
Regarding the API / interface for communicating client-keys for hidden-services .. I thought we were encouraging ADD_ONION based services? Personally, I think using the filesystem as "an API" isn't very good. From a controller standpoint, it's *way* simpler to use ADD_ONION properly than

Re: [tor-dev] sketch: An alternative prop224 authentication mechanism based on curve25519

2016-11-12 Thread teor
> On 12 Nov. 2016, at 03:41, George Kadianakis wrote: > > teor writes: > >> [ text/plain ] >> >>> On 11 Nov. 2016, at 04:18, George Kadianakis wrote: >>> >>> George Kadianakis writes: >>> [

Re: [tor-dev] sketch: An alternative prop224 authentication mechanism based on curve25519

2016-11-11 Thread George Kadianakis
teor writes: > [ text/plain ] > >> On 11 Nov. 2016, at 04:18, George Kadianakis wrote: >> >> George Kadianakis writes: >> >>> [ text/plain ] >>> Nick Mathewson writes: >>> [ text/plain ] Hi! I

Re: [tor-dev] sketch: An alternative prop224 authentication mechanism based on curve25519

2016-11-10 Thread teor
> On 11 Nov. 2016, at 04:18, George Kadianakis wrote: > > George Kadianakis writes: > >> [ text/plain ] >> Nick Mathewson writes: >> >>> [ text/plain ] >>> Hi! I thought I'd write this up while it was fresh in my mind. It

Re: [tor-dev] sketch: An alternative prop224 authentication mechanism based on curve25519

2016-11-10 Thread George Kadianakis
George Kadianakis writes: > [ text/plain ] > Nick Mathewson writes: > >> [ text/plain ] >> Hi! I thought I'd write this up while it was fresh in my mind. It >> could be used as an alternative method to the current proposed client >> authentication

Re: [tor-dev] sketch: An alternative prop224 authentication mechanism based on curve25519

2016-11-08 Thread George Kadianakis
Nick Mathewson writes: > [ text/plain ] > Hi! I thought I'd write this up while it was fresh in my mind. It > could be used as an alternative method to the current proposed client > authentication mechanism. We could implement both, or just this, or > just the other. > >

[tor-dev] sketch: An alternative prop224 authentication mechanism based on curve25519

2016-11-04 Thread Nick Mathewson
Hi! I thought I'd write this up while it was fresh in my mind. It could be used as an alternative method to the current proposed client authentication mechanism. We could implement both, or just this, or just the other. My description here will be a bit terser than we'd want in a proper