On 09/11/14 12:50, George Kadianakis wrote:
> Hidden Service authorization is a pretty obscure feature of HSes, that
> can be quite useful for small-to-medium HSes.
>
> Basically, it allows client access control during the introduction
> step. If the client doesn't prove itself, the Hidden Service will not
> proceed to the rendezvous step.
>
> This allows HS operators to block access in a lower level than the
> application-layer. It also prevents guard discovery attacks since the
> HS will not show up in the rendezvous. It's also a way for current
> HSes to hide their address and list of IPs from the HSDirs (we get
> this for free in rend-spec-ng.txt).
>
> In the current HS implementation there are two ways to do authorization:
> https://gitweb.torproject.org/torspec.git/blob/HEAD:/rend-spec.txt#l768
> both have different threat models.
>

https://gitweb.torproject.org/torspec.git/blob/HEAD:/rend-spec.txt#l936

936 "client-key" NL a public key in PEM format

A private key is what's actually generated. Not sure if it's a bug in the spec, or a bug in tor. From a quick read of the rest of it, I'm guessing the spec?

X

--
GPG: 4096R/1318EFAC5FBBDBCE
git://github.com/infinity0/pubkeys.git