sks-devel

Re: [Sks-devel] Tor hidden service /onionbalance for hkp


From: Daniel Kahn Gillmor
Subject: Re: [Sks-devel] Tor hidden service /onionbalance for hkp
Date: Fri, 13 Nov 2015 09:42:50 -0500
User-agent: Notmuch/0.20.2 (http://notmuchmail.org) Emacs/24.5.1 (x86_64-pc-linux-gnu)

On Fri 2015-11-13 06:08:37 -0500, Kristian Fiskerstrand wrote:
> On 11/13/2015 11:27 AM, Christoph Egger wrote:
>> Is there some documentation published on what is needed on the side
>> of a keyserver operator? I'd really like to get my keyserver added
>> there (next week sounds good for doing the work) but don't really
>> know what is needed.
>
> 1) set up a tor hidden service for 11371 (it is encrypted to the
> endpoint, so no TLS needed to add complexity), see [0]

Please make sure that the tor hidden service is pointing at your http
reverse proxy, and not at your sks listener directly.

see
https://bitbucket.org/skskeyserver/sks-keyserver/wiki/Peering#!http-performance
for more information about a reverse proxy if you don't already have one
set up.

This is needed because the sks listener itself is trivially DoS-able
with a "slow loris"-style attack, and exposing that directly through tor
will let one user block all other users from your service entirely.

> 2) Verify that it is stable for some time
> 3) send OpenPGP signed onion address to me

Kristian, i hope that when requests come in for tor hidden services, you
are verifying that the hidden service itself meets the same requirements
needed for the "RProx" column (at https://sks-keyservers.net/status/)
before including them in the onionbalance pool.

Thanks for maintaining this!

    --dkg
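An added example (not from this thread or the sks project) of the loopback-only reverse proxy dkg asks for: nginx listens on 127.0.0.1:8080, the torrc line `HiddenServicePort 11371 127.0.0.1:8080` points the hidden service at it, and sks stays bound to 127.0.0.1:11371. The port numbers and timeout values are assumptions chosen for illustration.

```nginx
# Added example, not the sks project's own configuration.
# Assumed layout:
#   sks:   hkp_address 127.0.0.1, hkp_port 11371 (never reached by Tor directly)
#   nginx: listens on 127.0.0.1:8080 only
#   torrc: HiddenServicePort 11371 127.0.0.1:8080

upstream sks_local {
    server 127.0.0.1:11371;
}

server {
    listen 127.0.0.1:8080;
    server_name _;

    # Slow-loris defence: a client that trickles request headers or a body
    # is dropped after a short idle period instead of holding a connection
    # (and an sks worker) open. This is the protection the sks listener
    # lacks when it is exposed through Tor on its own.
    client_header_timeout 10s;
    client_body_timeout   10s;
    send_timeout          10s;
    keepalive_timeout     15s;

    # Key submissions (POST /pks/add) can be large; 8m is an assumed bound.
    client_max_body_size  8m;

    # Note: per-IP limits such as limit_conn are useless here, because every
    # request arrives from the Tor daemon on 127.0.0.1; rely on the timeouts.

    location / {
        proxy_pass            http://sks_local;
        proxy_set_header      Host $host;
        proxy_connect_timeout 5s;
        proxy_read_timeout    30s;
        proxy_send_timeout    30s;
    }
}
```

The same server block can be reused as the upstream target for the clearnet HKP port, so the hidden service and the public listener are checked against the same proxy behaviour.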
