#19642: Add a descriptor line for Single Onion Services
-------------------------------------------------+-------------------------
 Reporter:  teor                                 |          Owner:  dgoulet
     Type:  enhancement                          |         Status:  accepted
 Priority:  Medium                               |      Milestone:  Tor: 0.2.???
Component:  Core Tor/Tor                         |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tor-hs, rsos, sos, 030-proposed,     |  Actual Points:
  prop224, TorCoreTeam201609                     |
Parent ID:  #17238                               |         Points:  0.5
 Reviewer:                                       |        Sponsor:  SponsorR-can
-------------------------------------------------+-------------------------

Comment (by teor):

 We do encode both IPv4 and IPv6 addresses in the prop224 descriptor, and
 #17178 has single onion services retry a multi-hop path if the single-hop
 path is unreachable. #19662 will do the same thing for Tor2web. And #19745
 will block

 So we can get the desired behaviour without a proposal change:
 * Tor2web always connects to HSDirs using a 3-hop path to avoid denial of
   service (#20104)
 * When a HSDir, intro, or rend might become a one-hop proxy, it refuses
   (#17945)
 * When Tor2web (#19662) or Single Onion Services (#19663) fail to connect,
   they retry with a 3-hop path

 But this still gives the intro and rend point both the Tor2web and single
 onion service IP addresses, even if they don't successfully connect.

 So the remaining work in this ticket is:
 * a single onion service must put a "client-must-multi-hop" line in the
   unencrypted part of the HS descriptor
 * all clients must multi-hop to HSDirs, intro points and rend points with
   this line in their descriptors:
 * the HSDir must refuse to serve descriptors with this line to Tor2web
   clients (this will block Tor2web to Single Onion Services until Tor2web
   clients upgrade to #20104 - is this a good idea?)
 * HSDir, intro and rend also refuse connections with non-relays on both
   sides

 This prevents HSDir, intro and rend points knowing both sides' IP
 addresses, and reduces connection failures (except in the Tor2web HSDir
 case).

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19642#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
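
The rules listed under "remaining work" in the comment above, modelled as an added Python example (not Tor's code and not part of the ticket). Only the "client-must-multi-hop" keyword and the 3-hop path come from the comment; the function names, the sample descriptor and its placeholder values are constructed, and how a relay learns that a client is Tor2web or that a peer is a relay is assumed to be given as input.

```python
MULTI_HOP_LINE = "client-must-multi-hop"  # keyword proposed in the ticket

# Constructed outer (unencrypted) descriptor part; values are placeholders,
# and the position of the keyword line is an assumption.
SAMPLE_SOS_DESCRIPTOR = """\
hs-descriptor 3
descriptor-lifetime 180
client-must-multi-hop
revision-counter 42
superencrypted
-----BEGIN MESSAGE-----
PLACEHOLDER
-----END MESSAGE-----
signature PLACEHOLDER
"""


def requires_multi_hop(outer: str) -> bool:
    """True if the keyword appears among the unencrypted fields."""
    for line in outer.splitlines():
        if line.startswith("superencrypted"):
            break  # stop before the encrypted body; only plaintext fields count
        if line.split(" ", 1)[0] == MULTI_HOP_LINE:
            return True
    return False


def hsdir_serves(outer: str, client_is_tor2web: bool) -> bool:
    """HSDir rule: flagged descriptors are not served to Tor2web clients."""
    return not (client_is_tor2web and requires_multi_hop(outer))


def relay_accepts(side_a_is_relay: bool, side_b_is_relay: bool) -> bool:
    """HSDir/intro/rend rule: refuse when both sides are non-relays."""
    return side_a_is_relay or side_b_is_relay


def client_path_hops(outer: str, wants_single_hop: bool) -> int:
    """Client rule: a flagged descriptor forces a 3-hop path."""
    if requires_multi_hop(outer) or not wants_single_hop:
        return 3
    return 1
```
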