Re: [tor-onions] Connection to a hidden service with a RFC 6455 web-socket - advice on risks please

2018-03-07 Thread Michael Jonker

Thanks to all for the wealth of valuable information I have received.

I am officially an onion service believer now, and my understanding has 
grown exponentially!



On 06/03/18 19:38, Roger Dingledine wrote:

> On Tue, Mar 06, 2018 at 07:27:32PM +, Michael Jonker wrote:
>
>> They have asked me to ask here also if, when connected to a hidden service,
>> the circuit becomes "dirty" after default 10 minutes and resets?
>
> No, onion services use the opposite logic: once you open a circuit to
> the onion service, the 10 minute timer starts, and if you open a new
> stream you *reset* the timer to a fresh 10 minutes. So as long as you
> keep using it, it will stay open.
>
> If 10 minutes pass and you didn't attach a new stream, Tor won't try to
> put new streams on that circuit in the future (i.e. it will try to open
> a new one).
>
> This 'opposite logic' is actually the same logic that Tor Browser uses
> for its circuits, since it uses the socks isolation feature where the
> goal is to separate requests between domains, rather than to separate
> them between time slots:
> https://gitweb.torproject.org/tor.git/tree/src/or/circuituse.c#n2713
>
> --Roger

___
tor-onions mailing list
tor-onions@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-onions
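
A toy model of the timer rule described in the reply quoted above, as an added example that is not part of the thread and is not Tor's code. The `Circuit` class, the `replay` helper and the timeline are hypothetical; only the 10-minute default comes from the messages, and the "fixed window" mode stands for the behaviour the question assumed.

```python
from dataclasses import dataclass
from typing import List, Optional

# "default 10 minutes" from the thread, in seconds
MAX_CIRCUIT_DIRTINESS = 10 * 60


@dataclass
class Circuit:
    """Hypothetical circuit that tracks only the dirtiness timestamp."""
    refresh_on_attach: bool              # True: timer resets on every new stream
    dirty_since: Optional[float] = None  # None until the first stream is attached
    streams: int = 0

    def accepts_new_stream(self, now: float) -> bool:
        # An unused circuit is always eligible; a used one only until the timer runs out.
        if self.dirty_since is None:
            return True
        return now - self.dirty_since < MAX_CIRCUIT_DIRTINESS

    def attach_stream(self, now: float) -> bool:
        if not self.accepts_new_stream(now):
            return False  # the client would open a new circuit instead
        # Fixed window: stamp once at first use. Onion-service rule: stamp on every attach.
        if self.dirty_since is None or self.refresh_on_attach:
            self.dirty_since = now
        self.streams += 1
        return True


def replay(refresh_on_attach: bool, attach_times: List[float]) -> List[bool]:
    """Try to attach one stream at each time; report which attempts reuse the circuit."""
    circ = Circuit(refresh_on_attach)
    return [circ.attach_stream(t) for t in attach_times]


# Constructed timeline: new streams at minutes 0, 6, 12, 18 and 29.
TIMELINE = [m * 60 for m in (0, 6, 12, 18, 29)]

if __name__ == "__main__":
    print("reset on attach:", replay(True, TIMELINE))
    print("fixed window   :", replay(False, TIMELINE))
```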




Re: [tor-onions] Connection to a hidden service with a RFC 6455 web-socket - advice on risks please

2018-03-06 Thread Tom Ritter
On 6 March 2018 at 10:55, Michael Jonker wrote:
> 2) Am I perpetrating a security anti-pattern by holding the connection open
> indeterminately?

Unless I'm missing something: no more so than leaving a modern web
application tab (Facebook, Gmail) open indefinitely.

Which is to say, WebSockets, Facebook, and Gmail all turn you (the
client) into a server. An attacker (which may be the web server you
are connected to or which may be an outside party sending messages to
you through the server) can choose when and how large a message you
will receive.  This capability is what makes it particularly difficult
to defend against Guard Discovery attacks in Hidden Services, and when
you invert the model (where you are the server) it will enable Guard
Discovery attacks on you the client.

I say this to try to be accurate. I don't say it to discourage you or
suggest you shouldn't do this - I think you should. I think it's
fantastic that you're working on providing a responsive web experience
over a hidden service and I hope to see an awesome deployment or blog
post about it in the future.

-tom