
Re: [Sks-devel] Tor hidden service - what's the rationale?


From: Christoph Anton Mitterer
Subject: Re: [Sks-devel] Tor hidden service - what's the rationale?
Date: Fri, 13 Nov 2015 23:20:36 +0100

Hey.

Sorry to "complain"... but I don't quite get the rationale behind that
hidden service thingy for our key servers - at least not as it seems
to be deployed right now.


There are basically two sides of anonymity here... the clients and the
servers.
For the clients to be anonymous, we, as servers, shouldn't need to set
up hidden services.. it should be enough for the clients to use Tor.

On the server side, the only use case (which is actually a good use
case), I see, would be that we could basically hide keyservers from
powerful players, that may e.g. force a larger number of keyserver
operators to delete, obstruct, etc. certain keys or parts of them,
which may help them in their evil doings.


But that would only work, if the hidden services remain unknown, i.e.
for each of the current keyserver operators (aka "we") it's more or
less useless to ever run a Tor-hidden keyserver,... our names are quite
likely already recorded and such "powerful players" should have a very
easy time to find any of our rented/owned machines, even if we'd e.g.
drop the non-hidden service for say a year.

If these servers run both, the non-hidden and the hidden keyserver,
then the whole thing is, AFAICS, totally useless[0].
Or do I miss anything?

In case I don't, the sks status page colours would be actually
misleading IMHO:
being "green" on the Tor column shouldn't be possible while being green
at any of the other current columns, as this basically means... the
server isn't actually hidden.

So what we'd rather need is that many new operators we get, remain
completely hidden from the beginning on, which is actually a quite
difficult task:
- email communication with this list and peers need to be
hidden/anonymous
- the actual SKS (recon and so on) with the remainder of the server
needs to be hidden/anonymous
- downloading any of the packages/source, via distros and so on, needs
to be hidden/anonymous


Even then, I wouldn't bet that Tor really anonymizes such an SKS server.
The way SKS works, with the mesh and everything and the more or less
specific data pattern in terms when keys are recon'ed... may be just
one of these things that powerful players may abuse to find out who
someone is.


And of course it shall be noted, that Torifying parts of the SKS
network doesn't make it more trustworthy.
It still has the issues that have been discussed here and elsewhere
several times... and which I think, can only somewhat be solved, by the
client side, if that would generally query/send to a big bunch of
keyservers.

hkps is IMHO only little help there, especially as it has the big
problem of the strict hierarchical trust... but even if one would
replace that it would still be necessary for clients to ideally contact
a lot of clients for every query/submission.


Cheers,
Chris.



[0] Perhaps with the exception that such actually visible servers, which
do however run a hidden Tor service as well, may be needed for the
actually fully hidden ones to recon.

Attachment: smime.p7s
Description: S/MIME cryptographic signature

