From 1279f1b8fdf577e2f9076aaa84173016b7c9476b Mon Sep 17 00:00:00 2001 From: Karsten Loesing Date: Thu, 31 Jul 2008 13:27:14 +0000 Subject: Proposal 121: Limit maximum descriptor size to 20 kilobytes to prevent abuse. svn:r16303 --- proposals/121-hidden-service-authentication.txt | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) (limited to 'proposals/121-hidden-service-authentication.txt') diff --git a/proposals/121-hidden-service-authentication.txt b/proposals/121-hidden-service-authentication.txt index 30a3152..971572d 100644 --- a/proposals/121-hidden-service-authentication.txt +++ b/proposals/121-hidden-service-authentication.txt @@ -26,6 +26,8 @@ Change history: scalable authorization protocol (2.2), rewrote existing authorization protocol (2.3); changes based on discussion with Nick + 31-Jul-2008 Limit maximum descriptor size to 20 kilobytes to prevent + abuse. Overview: 
@@ -212,6 +214,23 @@ Details: (clients and servers would have to be upgraded anyway for using the new features). + An adversary could try to abuse the fact that introduction points can be + encrypted by storing arbitrary, unrelated data in the hidden service + directory. This abuse can be limited by setting a hard descriptor size + limit, forcing the adversary to split data into multiple chunks. There + are some limitations that make splitting data across multiple descriptors + unattractive: 1) The adversary would not be able to choose descriptor IDs + freely and have to implement an own indexing structure. 2) Validity of + descriptors is limited to at most 24 hours after which descriptors need + to be republished. + + The regular descriptor size in bytes is 745 + num_ipos * 837 + auth_data. + A large descriptor with 7 introduction points and 5 kilobytes of + authorization data would be 11724 bytes in size. The upper size limit of + descriptors should be set to 20 kilobytes, which limits the effect of + abuse while retaining enough flexibility in designing authorization + protocols. + 1.2. Client authorization at introduction point The next possible authorization point after downloading and decrypting -- cgit v1.2.3-54-g00ecf
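Review bot: the new paragraphs under "Details:" set a 20 kilobyte cap but do not say which side enforces it; the cap only limits abuse if the hidden service directory rejects oversized descriptors at publish time (and clients refuse to parse beyond it), so the text should name the enforcing side. The limit should also be given in bytes, since "20 kilobytes" is ambiguous (20000 vs. 20480) while the worked example already treats 5 kilobytes as 5120 bytes to reach 745 + 7 * 837 + 5120 = 11724. Minor wording: "have to implement an own indexing structure" should read "would have to implement their own indexing structure", and the 24-hour argument holds only if directories actually expire stored descriptors rather than just stop serving them.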