On 13.09.19 00:27, grarpamp wrote:
> On 8/20/19, Bernhard R. Fischer <b...@abenteuerland.at> wrote:
>> I finally wrote a HOWTO on using OnionCat with v3 hidden services. I
>> also did some patches to OnionCat to have a better integration.
>>
>> https://www.onioncat.org/2019/08/onioncat-and-tor-hidden-services-v3/
> Thanks.
>
> Rather than tor killing off v2 onions and HSDirs from the
> codebase, thus ending all the good useful carefully chosen
> and even required reasons people still use v2 and onioncat
> (some of which can be found by searching list archives
> for onioncat, P2P, VoIP, add more uses here)...

The article shows that it is possible to use OnionCat with HSv3, although v3 kills the full automatic addressing method.

For having a full automatic addressing (i.e. association between v3-id and IPv6) some kind of lookup mechanism is necessary. Although this could theoretically be managed by DNS, this is NOT a solution because of the well-known DNS leakage problem (and because the private network's reverse delegations are not globally registered and would need some workaround).

IMO a solution could be a HSv3-HSv2 compatibility system within the HS directory, let's call it HSv23.

I propose to create HSv23 entries in the HS dir, which are almost the same as HSv2 but with an additional field including the HSv3-id, and the signature is created by the HSv3 key. The index (i.e. the onion-id) of the HSv2a entry is an 80 bit truncated HSv3 id.

The lookup then works as follows:

1. Convert IPv6 to onion-id (80 bit)
2. Retrieve the HSv23 entry of the HS dir
3. Retrieve the HSv3 entry
4. Check signatures of HSv23 and HSv3 entry
5. Connect to HSv3 service

Recently, I also wrote a Security Considerations article on OnionCat which also includes a short discussion of the Hsv2/Hsv3 security in respect to OnionCat:
https://www.onioncat.org/2019/08/onioncat-security-considerations/

Best regards,
Bernhard
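
The address arithmetic behind steps 1 and 4 of the proposed lookup, as an added example that is not part of the original message and is not OnionCat or Tor code. It assumes the "80 bit truncated HSv3 id" means the first 80 bits of the v3 public key; the function names and the sample key are constructed for illustration, and the signature checks themselves are not reproduced.

```python
import base64
import hashlib
import ipaddress

OCAT_PREFIX = bytes.fromhex("fd87d87eeb43")  # OnionCat network fd87:d87e:eb43::/48
SAMPLE_PUBKEY = bytes(range(32))             # constructed sample bytes, not a real service key

def v3_address(pubkey: bytes) -> str:
    """Encode a 32-byte public key as a 56-character v3 onion id (without '.onion')."""
    digest = hashlib.sha3_256(b".onion checksum" + pubkey + b"\x03").digest()
    return base64.b32encode(pubkey + digest[:2] + b"\x03").decode().lower()

def v3_decode(onion: str) -> bytes:
    """Return the public key of a v3 onion id after checking version and checksum."""
    raw = base64.b32decode(onion.split(".")[0].upper())
    if len(raw) != 35 or raw[34] != 3:
        raise ValueError("not a v3 onion id")
    expected = hashlib.sha3_256(b".onion checksum" + raw[:32] + b"\x03").digest()[:2]
    if raw[32:34] != expected:
        raise ValueError("v3 checksum mismatch")
    return raw[:32]

def ipv6_to_index(addr: str) -> str:
    """Step 1: lower 80 bits of an OnionCat IPv6 address as a 16-character base32 index."""
    packed = ipaddress.IPv6Address(addr).packed
    if packed[:6] != OCAT_PREFIX:
        raise ValueError("address is outside the OnionCat prefix")
    return base64.b32encode(packed[6:]).decode().lower()

def v3_to_ipv6(onion: str) -> str:
    """Forward mapping: OnionCat prefix followed by the first 80 bits of the v3 key."""
    return str(ipaddress.IPv6Address(OCAT_PREFIX + v3_decode(onion)[:10]))

def binding_ok(addr: str, claimed_v3: str) -> bool:
    """Part of step 4: the v3 id named in a directory entry must truncate to the index."""
    try:
        return claimed_v3.startswith(ipv6_to_index(addr)) and v3_to_ipv6(claimed_v3) == addr
    except ValueError:  # malformed address, bad base32, wrong version or checksum
        return False

if __name__ == "__main__":
    onion = v3_address(SAMPLE_PUBKEY)
    addr = v3_to_ipv6(onion)
    print(onion, addr, ipv6_to_index(addr), binding_ok(addr, onion))
```

Any v3 key that shares the same first 80 bits maps to the same IPv6 address, so this prefix match only narrows the candidate; the signature checks in step 4 are what tie the entry to the key.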