Re: [Sks-devel] Tor hidden service - what's the rationale?

[Christoph Anton Mitterer]

On Fri, 2015-11-13 at 17:34 -0500, Robert J. Hansen wrote:
> > Even then, I'm unconvinced this is even possible.  The footprint
> associated with running a keyserver is vast and covers an awful lot
> more
> than just anonymizing TCP/IP connections.
As I've noted below...
But one could still argue, that this is a problem Tor would need to
solve (whether that's practically feasible or not) and that it's
nothing on our protocol layer.
And even if no possible now, one could say that it makes sense to try
out how such infrastructure could be set up, so that once it really
works securely, one can set it up.


> If you want to run an anonymous and deniable service then you're
> going
> to need to break out some serious spy tradecraft: you're going to
> need
> to find a hosting company that won't ask questions... maybe set up a
> shell corporation to pay the bills... figure out some way to sanitize
> all ties between you and the shell corporation... and all the while
> you're doing this, you're becoming *more* visible to the Powers That
> Be,
> because you're acting like either a foreign intelligence service or a
> narcosyndicate.
Next valid point... but also a general problem of Tor hidden
services,... and a problem that would/could eventually be solved when
more and more people set up such services, because even if the
"powerful players" would then know that a set of n severs runs some
hidden services, it would get more and more costly for them to
check/attack all of those.


> Any discussion about anonymizing the server side needs to also
> include
> provisioning, sanitization, and burn care.  (Burn care: "oh crap, the
> Bad Guys know my IP address and they're looking into the shell
> corporation.  What do I do now?"  Burn care is what you do after
> you've
> been burned.)
I'm not sure whether burn care would be really an issues for (most of)
us... at least not as long cryptography itself isn't made "illegal".
Our services are typically not illegal or morally questionable...so
even if "they" would come after you... well... so what?
The operator should hopefully get no legal problems (as I've said,
we're not running a silk road or so)... so the worst thing that could
happen is, that the bad guys take over a trusted hidden server.
But that just brings one back to the point, that one generally cannot
trust any SKS server...


> If you're not having a discussion about practical tradecraft, then
> really, talk about server-side anonymity amounts to a bunch of
> exercises
> in masturbatory paranoia.
Well I wouldn't go that far... the idea of having a large network of
truly hidden keyservers would solve one half of my security concerns
about the whole key publishing/retrival system.


> And if you *are* having this discussion, then congratulations, you
> just
> became Quite Interesting(tm) to some very interesting people.
Cool... someone finally "likes" me ;-)
Seriously, I guess any of us operators... and probably each of us that
write to gpg/cryptography/CFRG/etc mailing lists with more than just
end-user questions have been flagged and scored long time ago.
I still wonder how many "is dangerous to us" points, when I tried to
lobby against TOFU, which is probably just the model which in the (long
term) end helps our friends in Fort Meade and other locations.


Cheers,
Chris.

smime.p7s
Description: S/MIME cryptographic signature