Re: [Sks-devel] Tor hidden service - what's the rationale?


From: Christoph Anton Mitterer
Subject: Re: [Sks-devel] Tor hidden service - what's the rationale?
Date: Sat, 14 Nov 2015 04:00:17 +0100

On Sat, 2015-11-14 at 02:36 +0100, Alain Wolf wrote:
> >And what should be the benefit of that?
> What is the benefit of leaving Tor?
Well you can't argue like that, can you? At least it alone wouldn't be
argument enough for me to set up such a service.
Running additional code, here tor, always means additional risk for the
server operator. More code, more possible vulnerabilities.
And more important... it easily gives people a wrong sense of
security... "oh... that keyserver is a hidden tor service, so the bad
guys can't catch them and tamper with"

> > If tor works right, there is none, if it doesn't there wouldn't be any
> > either, when you "not leave it" when you hit the hidden service.
> The benefit is, that no exit node and no one else on the Internet
> (outside tor) can profile your communications habits and partners.
And, to my knowledge (though I must admit that I'm not a Tor theorist),
this is no different from just the client running tor.
As a server operator, I still see some IP,... just that it's not an
exit node, but the last hop.

Or is there any statement from the Tor guys or any paper which shows
that tor gets more secure for the client, when there is no exiting?

The only thing I know would be the encryption, but that's not really
helpful for our usage scenario - the encryption that tor would have,
and that we wouldn't have between the exit node and the non-hidden
server, doesn't really give us anything, as there is already no trust
relationship between server and client.

> It's your address book which you send over there. I assume most clients
> do that unencrypted (partly because of the manual steps needed to
> install Kris root cert for hkps).
Still, the hidden server doesn't prevent this... at least not more than
normal Tor would do it until there's another exit node chosen.
The only thing, AFAIU, that helps here is that the client rotates his
requests between many servers.


> We made good progress in encrypting mail-client-to-server connections in
> the last years. We are still working, but slowly progressing on
> server-to-server mail encryption. But people continue to happily send
> their complete address-books over the net unencrypted through HKP.
Valid point, but I don't see how Tor alone would solve this, and
especially not how hidden services improve that.


> And as you seem not to like HKPS either ...
> > hkps is IMHO only little help there, especially as it has the big
> > problem of the strict hierarchical trust... 
> But now that you have been given the possibility of an encrypted
> connection for your client, without hierarchy, but with the added
> benefit of the client's IP anonymity, and yet you still complain.
> What is it that you want?
The strict hierarchy of X509, which we have with hkps is only the tip
of the iceberg, as Kristian would be ultimately the one who's in
control (@Kristian, don't take that personally :) ... sure you're a
good guy, but in principle we must assume that each of us could be
evil).
What you apparently miss, is that the HKPS gives you no trust relation
to the server, at least nothing more than TOFU-like.
You know (more or less certain) that you connected to the same server
again,... great,... so what?
It doesn't even give you a small hint of identity of the operator
(Kristian doesn't verify this) and more importantly, even if it would,
there was no proof that the operator gives you proper data.
Anyone can set up a keyserver, ask Kristian for a cert or do the tor
hidden server, even Agent Smith.


> > > Why does facebook run a Hidden Service [0]?
> > Wild guess: Marketing & hype
> All services I provide, public or private, or just personal, are also
> reachable as Tor hidden services.
> The time and cost I need to set up a hidden service is a fraction of
> what I need for any conventional service, by adding a real IP, firewall
> rules, DNS entries, TLS keys and certificates etc. etc. .
> 
> As long as this is easier to setup, why make clients leave the Tor
> network, if we both are already inside it?
Uhm that seems a bit strange... how could it be easier? You still have
to do all the real IP stuff, at least for Tor itself.

Anyway, as long as there's no true security benefit behind, I remain
sceptical that this rather lures people into a false sense of security.


Cheers,
Chris.

Attachment: smime.p7s
Description: S/MIME cryptographic signature

