Tor Weekly News — December 4th, 2013
Welcome to the twenty-third issue of Tor Weekly News, the weekly newsletter that covers what is happening in the Tor community.
Next-Generation Hidden Services reach draft proposal state
Nick Mathewson has been working on turning a “revamp of the hidden services protocol” into a formal proposal. Last Saturday, Nick blessed the tor-dev mailing list with a post of the current draft for proposal 224, dubbed “Next-Generation Hidden Services in Tor”.
Nick currently lists 25 different people who made writing the new proposal possible, and there will be probably some more to add before the proposal reaches completion. We will spare the reader a full list, but Tor Weekly News’ archives attest that George Kadianakis deserves a special mention for his repeated efforts to move things forward.
The proposal aims to replace “the current rend-spec.txt, rewritten for clarity and for improved design.” The most user visible change from the current hidden services protocol is the new address format. In order to prevent the enumeration of hidden services, the new protocol derives a “blinded key” (section 1.3) from an Ed25519 master identity key. The blinding operation operates on the full key (and not just a truncated hash, as before). With a base 32 encoding of the entire 256 bits (section 1.2), “a new name following this specification might look like:
a1uik0w1gmfq3i5ievxdm9ceu27e88g6o7pe0rffdw9jmntwkdsd.onion”. Other encodings might still be worth consideration as long as they make valid hostnames.
Less visible changes include the departure from RSA1024, DH1024, and SHA1 to prefer Ed25519, Curve25519, and SHA256 as the cryptographic primitives (section 0.3).
The selection of directories responsible for a hidden service will now depend on a periodic “collaboratively generated random value” provided by the Tor directory authorities. This way the directories of a hidden service are not predictable in advance, which prevents targeted denial of service attacks (see ticket #8244 and proposal 225 for a possible scheme).
The new proposal also introduces the possibility of keeping the master identity key offline (section 1.7).
The proposal is completely unfinished when it comes to scaling hidden services to multiple hosts (section 1.5). There have been discussions on this topic, but there is no final decision on what the final scheme should be. The problem with naive scaling schemes is that information about the number of hidden service nodes can leak to adversarial clients or introduction points.
In order to move the proposal forward from the current draft, Nick Mathewson told the readers: “I’d like to know what doesn’t make sense, what I need to explain better, and what I need to design better. I’d like to fill in the gaps and turn this into a more full document. I’d like to answer the open questions. Comments are most welcome, especially if they grow into improvements.” The document is still sprinkled with many TODO items, so feel free to jump in if you want to help!
Tor relay operators meeting at 30C3
Moritz Bartl announced that a meeting of Tor relay operators and organizations will be held as part of the first day of the 30th Chaos Communication Congress in Hamburg on the 27th December. He asked major relay operators and Torservers.net partner organizations to prepare some slides explaining their activities; the German partner organization, Zwiebelfreunde e.V., will hold its own meeting directly afterwards.
Monthly status reports for November 2013
The wave of regular monthly reports from Tor project members for the month of November has begun. Pearl Crescent released their report first , followed by reports from Sherief Alaa, Lunar, Colin C., Nick Mathewson, George Kadianakis, Arlo Breault, and Ximin Luo.
The first release candidate for Tails 0.22 is out. The new version features a browser based on Firefox 24 and has reached beta stage for incremental updates, among other things. Tests are most welcome, as always!
The Tails team called for translators to help with the strings both for Tails 0.22, as well as for the new incremental upgrade software. The strings for translation are now available in the Tails Git repository, and hopefully should also be up on Transifex soon.
Damian Johnson sent out a link to a recording of his talk on the Tor ecosystem at TA3M in Seattle.
David Goulet called for assistance with the code-review process for the Torsocks 2.0 release candidate, and offered some guidance on where to begin.
Erinn Clark and Peter Palfrader upgraded the Tor Bug Tracker & Wiki to Trac version 1.0.
intrigeri began compiling a glossary of words that Tails and its developers use for particular concepts, to assist contributors who might not be familiar with these special meanings.
In order to remove “a full database of relays on our already overloaded metrics machine”, Karsten Loesing is asking for those using the “relay-search service” to speak up before the decommissioning of the service by the end of the year.
Philipp Winter followed up on his experiments in exit scanning and released exitmap, which uses Stem to control the tor daemon in creating circuits to all exit nodes.
Orchid, a Tor client implementation written in pure Java, silently reached the 1.0 milestone on November 27th. Nathan Freitas is looking for comment from the community as he is “thinking about having Orbot use it by default, and then offering ARM and x86 binaries as add-on enhancements.” His main argument is that it “would make the core Tor on Android experience more lightweight for client only use.”
The Electronic Frontier Foundation helped a student group in Iowa convince their university that they should be allowed to hold discussions about Tor on campus. The EFF’s open letter to universities and their “Myths and Facts About Tor” document make useful advocacy material.
Tor help desk roundup
Multiple users asked about using Tor for PC gaming. Tor can only transport TCP, which is how web pages are transmitted. Many video games rely on UDP or other protocols to transport data because of the lower latency. Information these games transport over protocols besides TCP would not be sent over Tor. Also any software used with Tor needs to be tested for proxy obedience. Untested applications might send information without using Tor even if they appear to be configured correctly, and
without the user realizing it.
This issue of Tor Weekly News has been assembled by Lunar, harmony, Matt Pagan, dope457, George Kadianakis, Nick Mathewson, sqrt2 and Roger Dingledine.
Want to continue reading TWN? Please help us create this newsletter. We still need more volunteers to watch the Tor community and report important news. Please see the project page, write down your name and subscribe to the team mailing list if you want to get involved!
Comments are closed.