[tor-bugs] #26768 [Core Tor/Tor]: Support onionbalance in HSv3

[Tor Bug Tracker & Wiki]

#26768: Support onionbalance in HSv3
--+-
 Reporter:  asn   |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |Version:
 Severity:  Normal|   Keywords:  tor-hs scaling onionbalance
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+-
 HSv3 need some mods to support the onionbalance design.

 That's because of the cross-certs of the intro key in the descriptor (with
 the desc signing key). Which means that the onionbalance node would need
 to know the intro privkey to be able to complete the cross-cert with its
 own descriptor signing key.

 Here is an approach to route around this with v3 coming from the Seattle
 hackfest:

 {{{
 The descriptor-signing private key for each day is generated based on a
 hash of a shared secret that is shared between the onion service
 controller and the onion service instances.  This way, the instances know
 what the signing key for each day will be.  [Because this is a signing
 key, forward secrecy is not endangered.]

 When uploading descriptors, the instances generate "bogus" descriptors
 (associated with different identity keys) containing intro points and keys
 generated in a way suitable for including in the combined service's onion
 descriptor.  They cross-certify the master signing key, not their own
 descriptors' signing keys.  They upload these descriptors to the hash
 ring.  They look normal to the hash ring directory servers, since only the
 encrypted parts are weird.

 To generate the combined descriptors, the service controller periodically
 downloads all the "bogus" descriptors above, and stuffs their contents
 into a combined descriptor.

 Since the shared secret produces the descriptor keys, the instances can
 also produce descriptors with the valid descriptor signing key generated
 from the shared secret.

 Instances can optionally use client authentication.
 }}}

 This is quite a bit of mods to support onionbalance, but it does seem like
 a plausible approach.

 We should investigate more and move forward here!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26768 [Core Tor/Tor]: Support onionbalance in HSv3

[Tor Bug Tracker & Wiki]

#26768: Support onionbalance in HSv3
-+-
 Reporter:  asn  |  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs scaling onionbalance  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * cc: gk (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26768 [Core Tor/Tor]: Support onionbalance in HSv3

[Tor Bug Tracker & Wiki]

#26768: Support onionbalance in HSv3
-+-
 Reporter:  asn  |  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs scaling onionbalance  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:  Sponsor27-must
-+-
Changes (by asn):

 * sponsor:   => Sponsor27-must


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26768 [Core Tor/Tor]: Support onionbalance in HSv3

[Tor Bug Tracker & Wiki]

#26768: Support onionbalance in HSv3
-+-
 Reporter:  asn  |  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs scaling onionbalance  |  Actual Points:
Parent ID:   | Points:  20
 Reviewer:   |Sponsor:  Sponsor27-must
-+-
Changes (by asn):

 * points:   => 20


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26768 [Core Tor/Tor]: Support onionbalance in HSv3

[Tor Bug Tracker & Wiki]

#26768: Support onionbalance in HSv3
-+-
 Reporter:  asn  |  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs scaling onionbalance  |  Actual Points:
Parent ID:  #29998   | Points:  20
 Reviewer:   |Sponsor:  Sponsor27-must
-+-
Changes (by pili):

 * parent:   => #29998


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26768 [Core Tor/Tor]: Support onionbalance in HSv3

[Tor Bug Tracker & Wiki]

#26768: Support onionbalance in HSv3
-+-
 Reporter:  asn  |  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs scaling onionbalance  |  Actual Points:
Parent ID:  #29998   | Points:  20
 Reviewer:   |Sponsor:  Sponsor27-must
-+-

Comment (by nickm):

 A big choice to make here will be whether to fix #29583 or not.  I think
 we should fix #29583, but to do so will create some compatibility issues
 that we'll need to navigate.

 If we don't fix #29583, this ticket is easier.  If we do fix it, we'll
 need additional machinery to make onionbalance possible on v3 descriptors.
 I'm attaching a draft proposal I wrote a while ago about how to make that
 work; we should turn it into a real proposal if we decide to fix #29583.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26768 [Core Tor/Tor]: Support onionbalance in HSv3

[Tor Bug Tracker & Wiki]

#26768: Support onionbalance in HSv3
-+-
 Reporter:  asn  |  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs scaling onionbalance  |  Actual Points:
Parent ID:  #29998   | Points:  20
 Reviewer:   |Sponsor:  Sponsor27-must
-+-
Changes (by nickm):

 * Attachment "xxx-onionbalance-v3.txt" added.


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26768 [Core Tor/Tor]: Support onionbalance in HSv3

[Tor Bug Tracker & Wiki]

#26768: Support onionbalance in HSv3
-+-
 Reporter:  asn  |  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs scaling onionbalance  |  Actual Points:
  network-team-roadmap-2019-Q1Q2 |
Parent ID:  #29998   | Points:  20
 Reviewer:   |Sponsor:
 |  Sponsor27-must
-+-
Changes (by gaba):

 * keywords:  tor-hs scaling onionbalance => tor-hs scaling onionbalance
 network-team-roadmap-2019-Q1Q2


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26768 [Core Tor/Tor]: Support onionbalance in HSv3

[Tor Bug Tracker & Wiki]

#26768: Support onionbalance in HSv3
-+-
 Reporter:  asn  |  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs scaling onionbalance  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by asn):

 Just some notes from a recent discussion about onionbalance vs the current
 poor man's onionbalance where every node races each other for uploading
 descriptors:

 With the poor man's solution, there are issues when you start
 removing/rebooting nodes, since if the offline node currently has the
 active descriptor there will be reachability issues until another node
 wins the race.

 We could fix this by making all nodes upload more frequently, and be able
 to pause publishes from the rebooting node, and also by ensuring that all
 clients will re-fetch descriptors  smoothly if they can't connect to the
 intro points.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26768 [Core Tor/Tor]: Support onionbalance in HSv3

[Tor Bug Tracker & Wiki]

#26768: Support onionbalance in HSv3
-+-
 Reporter:  asn  |  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs scaling onionbalance  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Description changed by nickm:

Old description:

> HSv3 need some mods to support the onionbalance design.
>
> That's because of the cross-certs of the intro key in the descriptor
> (with the desc signing key). Which means that the onionbalance node would
> need to know the intro privkey to be able to complete the cross-cert with
> its own descriptor signing key.
>
> Here is an approach to route around this with v3 coming from the Seattle
> hackfest:
>
> {{{
> The descriptor-signing private key for each day is generated based on a
> hash of a shared secret that is shared between the onion service
> controller and the onion service instances.  This way, the instances know
> what the signing key for each day will be.  [Because this is a signing
> key, forward secrecy is not endangered.]
>
> When uploading descriptors, the instances generate "bogus" descriptors
> (associated with different identity keys) containing intro points and
> keys generated in a way suitable for including in the combined service's
> onion descriptor.  They cross-certify the master signing key, not their
> own descriptors' signing keys.  They upload these descriptors to the hash
> ring.  They look normal to the hash ring directory servers, since only
> the encrypted parts are weird.
>
> To generate the combined descriptors, the service controller periodically
> downloads all the "bogus" descriptors above, and stuffs their contents
> into a combined descriptor.
>
> Since the shared secret produces the descriptor keys, the instances can
> also produce descriptors with the valid descriptor signing key generated
> from the shared secret.
>
> Instances can optionally use client authentication.
> }}}
>
> This is quite a bit of mods to support onionbalance, but it does seem
> like a plausible approach.
>
> We should investigate more and move forward here!

New description:

 HSv3 need some mods to support the onionbalance design.

 That's because of the cross-certs of the intro key in the descriptor (with
 the desc signing key). Which means that the onionbalance node would need
 to know the intro privkey to be able to complete the cross-cert with its
 own descriptor signing key.

 Here is an approach to route around this with v3 coming from the Seattle
 hackfest:

 >The descriptor-signing private key for each day is generated based on a
 hash of a shared secret that is shared between the onion service
 controller and the onion service instances.  This way, the instances know
 what the signing key for each day will be.  [Because this is a signing
 key, forward secrecy is not endangered.]
 >
 >When uploading descriptors, the instances generate "bogus" descriptors
 (associated with different identity keys) containing intro points and keys
 generated in a way suitable for including in the combined service's onion
 descriptor.  They cross-certify the master signing key, not their own
 descriptors' signing keys.  They upload these descriptors to the hash
 ring.  They look normal to the hash ring directory servers, since only the
 encrypted parts are weird.
 >
 >To generate the combined descriptors, the service controller periodically
 downloads all the "bogus" descriptors above, and stuffs their contents
 into a combined descriptor.
 >
 >Since the shared secret produces the descriptor keys, the instances can
 also produce descriptors with the valid descriptor signing key generated
 from the shared secret.
 >
 >Instances can optionally use client authentication.


 This is quite a bit of mods to support onionbalance, but it does seem like
 a plausible approach.

 We should investigate more and move forward here!

--

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26768 [Core Tor/Tor]: Support onionbalance in HSv3

[Tor Bug Tracker & Wiki]

#26768: Support onionbalance in HSv3
-+-
 Reporter:  asn  |  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs scaling onionbalance  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by s7r):

 * cc: s7r (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26768 [Core Tor/Tor]: Support onionbalance in HSv3

[Tor Bug Tracker & Wiki]

#26768: Support onionbalance in HSv3
-+-
 Reporter:  asn  |  Owner:  asn
 Type:  defect   | Status:
 |  assigned
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs scaling onionbalance  |  Actual Points:
  network-team-roadmap-september tor-spec|
Parent ID:  #29998   | Points:  8
 Reviewer:   |Sponsor:
 |  Sponsor27-must
-+-

Comment (by asn):

 Work here has started and you can find release-early-release-often updates
 here:
 https://github.com/asn-d6/onionbalance/tree/v3_dev_wip

 This is my worktree so that I dont keep all this code on my laptop. This
 is not meant to be used (or even seen) yet.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26768 [Core Tor/Tor]: Support onionbalance in HSv3

[Tor Bug Tracker & Wiki]

#26768: Support onionbalance in HSv3
-+-
 Reporter:  asn  |  Owner:  asn
 Type:  defect   | Status:
 |  assigned
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs scaling onionbalance tor- |  Actual Points:
  spec network-team-roadmap-2020Q1   |
Parent ID:  #29998   | Points:  8
 Reviewer:   |Sponsor:
 |  Sponsor27-must
-+-
Changes (by gaba):

 * keywords:  tor-hs scaling onionbalance network-team-roadmap-september
 tor-spec => tor-hs scaling onionbalance tor-spec network-team-roadmap-
 2020Q1


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26768 [Core Tor/Tor]: Support onionbalance in HSv3

[Tor Bug Tracker & Wiki]

#26768: Support onionbalance in HSv3
-+-
 Reporter:  asn  |  Owner:  asn
 Type:  defect   | Status:  closed
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  tor-hs scaling onionbalance tor- |  Actual Points:
  spec network-team-roadmap-2020Q1   |
Parent ID:  #29998   | Points:  8
 Reviewer:   |Sponsor:
 |  Sponsor27-must
-+-
Changes (by asn):

 * status:  assigned => closed
 * resolution:   => fixed


Comment:

 Boom! Closing this ticket! Thanks for everything!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26768 [Core Tor/Tor]: Support onionbalance in HSv3

[Tor Bug Tracker & Wiki]

#26768: Support onionbalance in HSv3
-+-
 Reporter:  asn  |  Owner:  asn
 Type:  defect   | Status:  closed
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  tor-hs scaling onionbalance tor- |  Actual Points:
  spec network-team-roadmap-2020Q1   |
Parent ID:  #29998   | Points:  8
 Reviewer:   |Sponsor:
 |  Sponsor27-must
-+-
Changes (by asn):

 * status:  assigned => closed
 * resolution:   => fixed


Comment:

 Closing this! No work for network team is left for OBv3 to be a reality!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26768 [Core Tor/Tor]: Support onionbalance in HSv3

[Tor Bug Tracker & Wiki]

#26768: Support onionbalance in HSv3
-+-
 Reporter:  asn  |  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs scaling onionbalance  |  Actual Points:
  network-team-roadmap-september |
Parent ID:  #29998   | Points:  20
 Reviewer:   |Sponsor:
 |  Sponsor27-must
-+-
Changes (by gaba):

 * keywords:  tor-hs scaling onionbalancenetwork-team-
 roadmap-2019-Q1Q2 => tor-hs scaling onionbalance network-team-roadmap-
 september


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26768 [Core Tor/Tor]: Support onionbalance in HSv3

[Tor Bug Tracker & Wiki]

#26768: Support onionbalance in HSv3
-+-
 Reporter:  asn  |  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs scaling onionbalance  |  Actual Points:
  network-team-roadmap-september tor-spec|
Parent ID:  #29998   | Points:  20
 Reviewer:   |Sponsor:
 |  Sponsor27-must
-+-
Changes (by dgoulet):

 * keywords:  tor-hs scaling onionbalance network-team-roadmap-september =>
 tor-hs scaling onionbalance network-team-roadmap-september tor-spec


Comment:

 I've taken nickm's draft and cleaned it up as an official draft: prop306.

 https://lists.torproject.org/pipermail/tor-dev/2019-July/013942.html

 For merge, see my torspec.git branch: `ticket26768_01`

 At this point, we'll proceed with the easy approach for OnionBalance v3
 that is not fixing #29583 just now but still having prop306 in the
 backlog.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26768 [Core Tor/Tor]: Support onionbalance in HSv3

[Tor Bug Tracker & Wiki]

#26768: Support onionbalance in HSv3
-+-
 Reporter:  asn  |  Owner:  asn
 Type:  defect   | Status:
 |  assigned
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs scaling onionbalance  |  Actual Points:
  network-team-roadmap-september tor-spec|
Parent ID:  #29998   | Points:  20
 Reviewer:   |Sponsor:
 |  Sponsor27-must
-+-
Changes (by dgoulet):

 * owner:  (none) => asn
 * status:  new => assigned


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26768 [Core Tor/Tor]: Support onionbalance in HSv3

[Tor Bug Tracker & Wiki]

#26768: Support onionbalance in HSv3
-+-
 Reporter:  asn  |  Owner:  asn
 Type:  defect   | Status:
 |  assigned
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs scaling onionbalance  |  Actual Points:
  network-team-roadmap-september tor-spec|
Parent ID:  #29998   | Points:  16
 Reviewer:   |Sponsor:
 |  Sponsor27-must
-+-
Changes (by dgoulet):

 * points:  20 => 16


Comment:

 Points changed at the Stockholm meeting.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26768 [Core Tor/Tor]: Support onionbalance in HSv3

[Tor Bug Tracker & Wiki]

#26768: Support onionbalance in HSv3
-+-
 Reporter:  asn  |  Owner:  asn
 Type:  defect   | Status:
 |  assigned
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs scaling onionbalance  |  Actual Points:
  network-team-roadmap-september tor-spec|
Parent ID:  #29998   | Points:  15
 Reviewer:   |Sponsor:
 |  Sponsor27-must
-+-
Changes (by dgoulet):

 * points:  20 => 15


Comment:

 Points changed at the Stockholm meeting.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26768 [Core Tor/Tor]: Support onionbalance in HSv3

[Tor Bug Tracker & Wiki]

#26768: Support onionbalance in HSv3
-+-
 Reporter:  asn  |  Owner:  asn
 Type:  defect   | Status:
 |  assigned
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs scaling onionbalance  |  Actual Points:
  network-team-roadmap-september tor-spec|
Parent ID:  #29998   | Points:  15
 Reviewer:   |Sponsor:
 |  Sponsor27-must
-+-

Comment (by asn):

 Opened ticket about v3 descriptor support for stem:
 https://trac.torproject.org/projects/tor/ticket/31369#ticket

 Still need to figure out how the blinded key generation is gonna work in
 Python since that's needed for HSPOST.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26768 [Core Tor/Tor]: Support onionbalance in HSv3

[Tor Bug Tracker & Wiki]

#26768: Support onionbalance in HSv3
-+-
 Reporter:  asn  |  Owner:  asn
 Type:  defect   | Status:
 |  assigned
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs scaling onionbalance  |  Actual Points:
  network-team-roadmap-september tor-spec|
Parent ID:  #29998   | Points:  15
 Reviewer:   |Sponsor:
 |  Sponsor27-must
-+-

Comment (by teor):

 Replying to [comment:14 asn]:
 > Opened ticket about v3 descriptor support for stem:
 https://trac.torproject.org/projects/tor/ticket/31369#ticket
 >
 > Still need to figure out how the blinded key generation is gonna work in
 Python since that's needed for HSPOST.

 We could start with the reference implementation from the tests?
 https://gitweb.torproject.org/tor.git/tree/src/test/ed25519_exts_ref.py#n34

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26768 [Core Tor/Tor]: Support onionbalance in HSv3

[Tor Bug Tracker & Wiki]

#26768: Support onionbalance in HSv3
-+-
 Reporter:  asn  |  Owner:  asn
 Type:  defect   | Status:
 |  assigned
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs scaling onionbalance  |  Actual Points:
  network-team-roadmap-september tor-spec|
Parent ID:  #29998   | Points:  15
 Reviewer:   |Sponsor:
 |  Sponsor27-must
-+-

Comment (by asn):

 FWIW, I learned that Joe Landers started working on onionbalance v3 a few
 months ago and have some stem code and OB code that could be useful to us:
 
​https://github.com/joelanders/stem/commit/e8455584cf50d7a398f994a7ea761baf3c7d6c00
 
​https://github.com/joelanders/onionbalance/commit/1d30e6c5076ec2ee17e4b7a2a63ed72d0c32a670

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26768 [Core Tor/Tor]: Support onionbalance in HSv3

[Tor Bug Tracker & Wiki]

#26768: Support onionbalance in HSv3
-+-
 Reporter:  asn  |  Owner:  asn
 Type:  defect   | Status:
 |  assigned
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs scaling onionbalance  |  Actual Points:
  network-team-roadmap-september tor-spec|
Parent ID:  #29998   | Points:  8
 Reviewer:   |Sponsor:
 |  Sponsor27-must
-+-
Changes (by asn):

 * points:  15 => 8


Comment:

 Reducing the amount of points, since I also assigned points to child
 ticket #31369.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26768 [Core Tor/Tor]: Support onionbalance in HSv3

[Tor Bug Tracker & Wiki]

#26768: Support onionbalance in HSv3
-+-
 Reporter:  asn  |  Owner:  asn
 Type:  defect   | Status:
 |  assigned
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs scaling onionbalance  |  Actual Points:
  network-team-roadmap-september tor-spec|
Parent ID:  #29998   | Points:  5
 Reviewer:   |Sponsor:
 |  Sponsor27-must
-+-
Changes (by asn):

 * points:  8 => 5


Comment:

 Further reducing the amount of points, now that I opened #31648.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26768 [Core Tor/Tor]: Support onionbalance in HSv3

[Tor Bug Tracker & Wiki]

#26768: Support onionbalance in HSv3
-+-
 Reporter:  asn  |  Owner:  asn
 Type:  defect   | Status:
 |  assigned
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs scaling onionbalance  |  Actual Points:
  network-team-roadmap-september tor-spec|
Parent ID:  #29998   | Points:  10
 Reviewer:   |Sponsor:
 |  Sponsor27-must
-+-
Changes (by asn):

 * points:  5 => 10


Comment:

 Pumping this up to 10 points to account for unforeseen overhead (like
 #31648) and other final touches.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26768 [Core Tor/Tor]: Support onionbalance in HSv3

[Tor Bug Tracker & Wiki]

#26768: Support onionbalance in HSv3
-+-
 Reporter:  asn  |  Owner:  asn
 Type:  defect   | Status:
 |  assigned
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs scaling onionbalance  |  Actual Points:
  network-team-roadmap-september tor-spec|
Parent ID:  #29998   | Points:  8
 Reviewer:   |Sponsor:
 |  Sponsor27-must
-+-
Changes (by asn):

 * points:  10 => 8


Comment:

 Reducing points by 2, since I splitted another task into #31777 .

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26768 [Core Tor/Tor]: Support onionbalance in HSv3

[Tor Bug Tracker & Wiki]

#26768: Support onionbalance in HSv3
-+-
 Reporter:  asn  |  Owner:  asn
 Type:  defect   | Status:
 |  assigned
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs scaling onionbalance  |  Actual Points:
  network-team-roadmap-september tor-spec|
Parent ID:  #29998   | Points:  8
 Reviewer:   |Sponsor:
 |  Sponsor27-must
-+-
Description changed by asn:

Old description:

> HSv3 need some mods to support the onionbalance design.
>
> That's because of the cross-certs of the intro key in the descriptor
> (with the desc signing key). Which means that the onionbalance node would
> need to know the intro privkey to be able to complete the cross-cert with
> its own descriptor signing key.
>
> Here is an approach to route around this with v3 coming from the Seattle
> hackfest:
>
> >The descriptor-signing private key for each day is generated based on a
> hash of a shared secret that is shared between the onion service
> controller and the onion service instances.  This way, the instances know
> what the signing key for each day will be.  [Because this is a signing
> key, forward secrecy is not endangered.]
> >
> >When uploading descriptors, the instances generate "bogus" descriptors
> (associated with different identity keys) containing intro points and
> keys generated in a way suitable for including in the combined service's
> onion descriptor.  They cross-certify the master signing key, not their
> own descriptors' signing keys.  They upload these descriptors to the hash
> ring.  They look normal to the hash ring directory servers, since only
> the encrypted parts are weird.
> >
> >To generate the combined descriptors, the service controller
> periodically downloads all the "bogus" descriptors above, and stuffs
> their contents into a combined descriptor.
> >
> >Since the shared secret produces the descriptor keys, the instances can
> also produce descriptors with the valid descriptor signing key generated
> from the shared secret.
> >
> >Instances can optionally use client authentication.
>

> This is quite a bit of mods to support onionbalance, but it does seem
> like a plausible approach.
>
> We should investigate more and move forward here!

New description:

 We are implementing onionbalance in v3! This is the master ticket.

 [Description changed to not confuse people with the old design.]

--

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs