| Commit message (Collapse) | Author | Age |
| ... | |
| | | |
|
| | | |
|
| | | |
|
| |\ \ |
|
| | | | |
|
| |\ \ \ |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Each replica uses one of multiple blinded keys (and a different
descriptor signing key) to avoid HSDirs being able to locate other
replicas of the service.
In combination with the changes to the salt and revision-counter,
this also makes it difficult to link descriptors from the same
service at all.
If descriptors for different replicas cannot be linked, then it
becomes much harder for a malicious HSDir to discover other
replicas and attempt to DoS them.

Use a different salt for each descriptor replica and upload,
to avoid matching encrypted blobs, which could be used to
link other replicas of the service.
If descriptors for different replicas cannot be linked, then it
becomes much harder for a malicious HSDir to discover other
replicas and attempt to DoS them.

Randomise revision-counter start value and increment to avoid
leaking:
* the descriptor validity start time,
* the age of new hidden services,
* the stability of a hidden service,
* a value that could be used to link other replicas of the service.
If descriptors for different replicas cannot be linked, then it
becomes much harder for a malicious HSDir to discover other
replicas and attempt to DoS them.

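The two commit messages above (a fresh salt per replica and upload, and a randomised revision-counter) describe a linkability property rather than code. The model below is an added example written for this page, not Tor's code: an HMAC-SHA256 counter-mode keystream stands in for the real descriptor encryption, an all-zero salt with a counter that counts uploads from 0 stands in for the pre-change behaviour, and the ranges for the random counter start and increment are illustrative rather than the spec's. A seeded `random.Random` is used only so the run is reproducible; a deployed service would draw from a CSPRNG.

```python
import hashlib
import hmac
import random

# Constructed sample: identical descriptor content on every replica of one service.
PLAINTEXT = b"intro-point A\nintro-point B\nintro-point C\n"
SERVICE_SECRET = b"per-service secret shared by all replicas (constructed)"


def keystream(secret: bytes, salt: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a toy stream cipher.
    Same secret + same salt => same keystream, which is the whole problem."""
    out = b""
    block = 0
    while len(out) < length:
        out += hmac.new(secret, salt + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return out[:length]


def encrypt_blob(secret: bytes, salt: bytes, data: bytes) -> bytes:
    """XOR with the keystream; applying it again to the output decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(secret, salt, len(data))))


def make_descriptor(salt: bytes, revision_counter: int) -> dict:
    return {
        "salt": salt,
        "revision-counter": revision_counter,
        "blob": encrypt_blob(SERVICE_SECRET, salt, PLAINTEXT),
    }


def fixed_scheme(replica_count: int, uploads: int) -> list:
    """Stand-in for the pre-change behaviour: one salt for the whole service,
    revision-counter = number of uploads so far, identical on every replica."""
    salt = b"\x00" * 16
    return [make_descriptor(salt, upload)
            for upload in range(uploads)
            for _ in range(replica_count)]


class ReplicaCounter:
    """Per-replica revision-counter with a random start and a random increment.
    The ranges are assumptions for this example, not values from the spec."""

    def __init__(self, rng: random.Random):
        self.start = rng.randrange(1, 2 ** 32)
        self.increment = rng.randrange(1, 2 ** 16)
        self.uploads = 0

    def next(self) -> int:
        value = self.start + self.increment * self.uploads
        self.uploads += 1
        return value


def randomised_scheme(replica_count: int, uploads: int, rng: random.Random) -> list:
    """Post-change behaviour: a fresh salt per replica per upload, and each
    replica walking its own randomised counter sequence."""
    counters = [ReplicaCounter(rng) for _ in range(replica_count)]
    published = []
    for _ in range(uploads):
        for counter in counters:
            salt = rng.getrandbits(128).to_bytes(16, "big")
            published.append(make_descriptor(salt, counter.next()))
    return published


def linkable(descriptors: list) -> bool:
    """An HSDir holding one descriptor can match another replica's descriptor
    if either the encrypted blob or the revision-counter repeats."""
    blobs = [d["blob"] for d in descriptors]
    counters = [d["revision-counter"] for d in descriptors]
    return len(set(blobs)) < len(blobs) or len(set(counters)) < len(counters)


def counter_reveals_upload_count(descriptors: list) -> bool:
    """A counter that starts at 0 and steps by 1 tells the HSDir how many times
    the service has published, i.e. roughly how new and how stable it is."""
    counters = sorted({d["revision-counter"] for d in descriptors})
    return counters == list(range(len(counters)))


def compare(replica_count: int = 3, uploads: int = 2, seed: int = 2015) -> dict:
    """Run both schemes on the same service and report what an HSDir could learn."""
    before = fixed_scheme(replica_count, uploads)
    after = randomised_scheme(replica_count, uploads, random.Random(seed))
    return {
        "linkable_before": linkable(before),                      # True
        "linkable_after": linkable(after),                        # False
        "counter_leaks_before": counter_reveals_upload_count(before),  # True
        "counter_leaks_after": counter_reveals_upload_count(after),    # False
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value}")
```

The check in `linkable` is deliberately the cheapest one an HSDir could run: exact equality of blobs or counters across the descriptors it holds. Real linking attempts would also look at sizes and timing, which the per-replica salt and counter changes do not address on their own.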
If multiple replicas want to use the same HSDir, give it to the
lower-numbered replica, and have the higher-numbered replica(s)
ignore it when counting nodes.
This avoids services choosing the same HSDir for multiple
replicas / spreads, and therefore losing redundancy.

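The rule in the message above is concrete enough to run. The following Python is an added example for this page, not Tor's implementation: the hash ring is a plain list indexed by position, and each replica's start point is given directly, whereas in the real protocol both come from hashing the blinded key together with the replica number.

```python
def walk_ring(ring: list, start: int, spread: int) -> list:
    """Pre-change selection: a replica takes the next `spread` nodes clockwise
    from its start point, regardless of what other replicas chose."""
    return [ring[(start + i) % len(ring)] for i in range(spread)]


def naive_assignment(ring: list, starts: list, spread: int) -> list:
    """One list of HSDirs per replica; overlaps between replicas are not detected."""
    return [walk_ring(ring, start, spread) for start in starts]


def deduplicated_assignment(ring: list, starts: list, spread: int) -> list:
    """Replicas are processed in replica-number order. A node already claimed
    by a lower-numbered replica is skipped by higher-numbered replicas and is
    not counted toward their `spread`. If the ring runs out of unclaimed nodes
    a replica ends up with fewer than `spread` entries rather than looping."""
    claimed = {}
    assignment = []
    for replica, start in enumerate(starts):
        chosen = []
        offset = 0
        while len(chosen) < spread and offset < len(ring):
            node = ring[(start + offset) % len(ring)]
            offset += 1
            if node in claimed:
                continue  # owned by a lower-numbered replica: ignore, do not count
            claimed[node] = replica
            chosen.append(node)
        assignment.append(chosen)
    return assignment


def distinct_hsdirs(assignment: list) -> int:
    """Redundancy actually obtained: how many different HSDirs hold a copy."""
    return len({node for chosen in assignment for node in chosen})


if __name__ == "__main__":
    ring = [f"hsdir{i}" for i in range(8)]  # constructed ring, already sorted by position
    starts = [1, 3]                         # constructed: replica 0 starts at 1, replica 1 at 3
    print(naive_assignment(ring, starts, 3))         # replica 1 repeats hsdir3
    print(deduplicated_assignment(ring, starts, 3))  # replica 1 gets hsdir4..hsdir6 instead
    print(distinct_hsdirs(naive_assignment(ring, starts, 3)),
          "vs", distinct_hsdirs(deduplicated_assignment(ring, starts, 3)))
```

With two replicas whose spreads overlap on one node, the naive walk yields five distinct HSDirs for six uploads; the deduplicated walk yields six. The same function handles wrap-around at the end of the ring, which is where adjacent start points most often collide.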
Exposing raw random bytes from a PRNG has broken Dual EC:
http://projectbullrun.org/dual-ec/ext-rand.html
Based on ioerror's feedback on prop250, make similar changes:
https://lists.torproject.org/pipermail/tor-dev/2015-November/009954.html

Some hashes were missing distinguishing values, even though other
hashes had them, and the "Cryptographic building blocks" section
appears to require them:
"all signatures are generated not over strings themselves, but over
those strings prefixed with a distinguishing value"

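The two messages above make separate points: never publish a PRNG's raw output, and prefix every hashed or signed string with a distinguishing value. The Python below is an added example for this page showing both on a toy commit/reveal round; it is not Tor's code and not the prop250 wire format. HMAC-SHA256 stands in for a signature because the standard library has no Ed25519, and the prefix strings and key are made up for the example.

```python
import hashlib
import hmac
import secrets

# Distinguishing values, constructed for this example (the spec's own strings differ).
PREFIX = {
    "reveal": b"example-reveal-v1",
    "commit": b"example-commit-v1",
    "descriptor": b"example-descriptor-v1",
}


def tagged_hash(context: str, data: bytes) -> bytes:
    """H(prefix || data): the same data hashed in two contexts gives unrelated digests."""
    return hashlib.sha256(PREFIX[context] + data).digest()


def make_commitment(prng_output: bytes) -> tuple:
    """One commit/reveal round. The PRNG output is hashed before anything is
    published, so the bytes the generator produced never appear on the wire."""
    reveal = tagged_hash("reveal", prng_output)
    commit = tagged_hash("commit", reveal)
    return commit, reveal


def check_reveal(commit: bytes, reveal: bytes) -> bool:
    """Accept a reveal only if it hashes (in the commit context) to the commitment."""
    return hmac.compare_digest(commit, tagged_hash("commit", reveal))


def raw_bytes_exposed(prng_output: bytes, published: list) -> bool:
    """True if the generator's raw output can be read out of any published value."""
    return any(prng_output in value for value in published)


def sign(key: bytes, context: str, message: bytes, tagged: bool = True) -> bytes:
    """HMAC stands in for a signature. tagged=False omits the prefix, which is
    the defect the second commit message describes."""
    prefix = PREFIX[context] if tagged else b""
    return hmac.new(key, prefix + message, hashlib.sha256).digest()


def verify(key: bytes, context: str, message: bytes, sig: bytes, tagged: bool = True) -> bool:
    return hmac.compare_digest(sig, sign(key, context, message, tagged))


def cross_context_reuse(tagged: bool) -> bool:
    """Can a signature made over some bytes in the 'descriptor' context be
    passed off as a 'commit' signature over the same bytes? True if it verifies."""
    key = b"constructed signing key"
    payload = b"bytes that are well-formed in both contexts"
    sig = sign(key, "descriptor", payload, tagged)
    return verify(key, "commit", payload, sig, tagged)


if __name__ == "__main__":
    rn = secrets.token_bytes(32)
    commit, reveal = make_commitment(rn)
    print("reveal matches commit:", check_reveal(commit, reveal))               # True
    print("raw PRNG bytes exposed:", raw_bytes_exposed(rn, [commit, reveal]))   # False
    print("signature reuse without prefix:", cross_context_reuse(tagged=False)) # True
    print("signature reuse with prefix:", cross_context_reuse(tagged=True))     # False
```

The prefix does the same job for the commit and reveal hashes as for signatures: a value that is valid as a reveal cannot be re-presented as a commitment, because the two contexts never hash the same string.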
An updated and expanded version of "Direct Onion Services:
Fast-but-not-hidden services".
Also borrows heavily from "Single Onion Services" (Proposal #252).

- Remove majority requirement for commitments.
- Remove conflict detection.
- Remove the need for SR keys.
- Don't use signatures in commits.
- Simplify persistent state logic.
- Change the protocol starting time from 12:00UTC to 00:00UTC.

This attempts to make it clear that PTs are not just for Tor, and can
be used by any project, and should be sufficient documentation for
writing the PT glue code both for Tor and other projects.
TODO: Fold in the implemented parts of prop 196/217. I'll do this when
I have time, since statistics are useful for everybody.
Fixes: #13369, #15545
Completes: #16754

* ADDS new section, "§5.1. Guard selection algorithm", to path-spec.txt.
* FIXES #17261: https://bugs.torproject.org/17261

Signed-off-by: David Goulet <dgoulet@ev0ke.net>

Also improve implementation notes.

And various other fixups

Make one authority connection early so the client can check its clock.
Redo the analysis for the new timing schedule.
Add IPv4 and IPv6 alternation scheme for clients that have both an
IPv4 and IPv6 address.
Add retry timer maximum and retry timer reset events.
Include min and max fallback directory weights.

To implement #4483 we need to contact multiple directory mirrors
to increase bootstrap reliability. This patch implements the
exponential backoff suggested in
https://trac.torproject.org/projects/tor/ticket/4483#comment:22
The patch also analyses the reliability of the new scheme, and
compares it to the current Tor implementation.

Clarify the format of the HS_DESC Replica field and indicate that it
is defined in rend-spec.txt. Resolves #17226.

Just fixing some line wrap and case (keywords like 'SHOULD' are uppercase by
convention).