Hi All, I'm working on proposal 260's Rendezvous Single Onion Services in #17178.
They are faster, because they have one hop between the service and the introduction and rendezvous points. But this means that their location is easy to discover (non-anonymous). So we want to come up with a design that makes it hard to configure a non-anonymous service by accident. Here's a cut-down version of an email I sent to tor-onions for feedback, for those who are on both lists: Nick's concern was that users could configure Single Onion Services without realising that it provides no server location anonymity. I initially thought we could change the torrc option name to make this clear. ... I now believe that trying to overload the name of a feature with warnings about its downsides was a mistake. … This would mean that Single Onion Service operators would include in their torrc: SingleOnionMode 1 HiddenServiceDir … ... As a separate issue, I think there are two alternative designs that can prevent users from configuring the feature and then exposing their location unintentionally: Tor2WebMode requires users to add a compilation option: --enable-tor2web-mode We could do this with Single Onion Services as well: --enable-single-onion-mode If SingleOnionMode is configured without the compilation option, tor warns the user and refuses to start. When it is configured, tor warns the user they're non-anonymous, then starts. However, using a compilation option makes the feature harder to test. And Tor2Web operators already don't like having to compile separate binaries. It's likely Single Onion operators would feel similarly. Alternately, we could add a torrc option: NonAnonymousMode If SingleOnionMode is configured without NonAnonymousMode, tor warns the user and refuses to start. When it is configured, tor warns the user they're non-anonymous, then starts. I spoke with Nick on IRC and he's happy with either of these options. I'd like to proceed with the NonAnonymousMode torrc option, unless there are compelling reasons against that design. I hope that this will allow us to get SingleOnionMode merged early in tor 0.2.9. Tim Tim Wilson-Brown (teor) teor2345 at gmail dot com PGP 968F094B ricochet:ekmygaiu4rzgsk6n
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ tor-dev mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
