Does it allow someone with knowledge of a key to find the IP addresses of other people interested in that key? Because if yes, the other security guarantees are not all that interesting.

The fact that Tor is mentioned would suggest that you have to add that to be secure.




Hi, I wrote this post, and yes, you're right that IPs would be disclosed, because it is necessary to learn a remote peer's IP before you can make a TCP connection to them. Whether or not this is "secure" depends on who you're trying to be secure against. If you're sharing Linux ISOs, you really don't care who sees you do it; if you're sharing pirated movies, you just care that Disney doesn't find out it was you, so you can use a VPN; if you're sharing government secrets, you might have a more rigorous threat model.

For users in extreme circumstances, Tor gets them a lot, but it also adds a lot of overhead; you'd want to avoid it if you don't need it, not just for your own sake but also for the sake of Tor's finite bandwidth. There is a lot to be said for having a feature like Tor be supported-but-optional, opt-in, and interoperable with users who are not on Tor.

I did consider the idea of allowing Tor hidden service addresses as an alternative identifier to IPs, though that idea comes with its own compromises: you'd only be able to talk to other Tor peers, for instance, or, alternately, every peer would have to be on Tor.

The latter case is obviously a non-option. The former case would kind of work, but the Tor-hidden-service peers' effective network size would be much smaller (since they can only talk to Tor peers) and thus easier to compromise. This is obviously bad - users in need of greater security would end up in a less secure version of the network - and if this subsection gets owned, that could have a second-order impact on the network's overall resilience.


I just had a brief read of the protocol but my understanding is yes, there is nothing like onion routing or similar that could disguise to a peer that is serving the data that the requester is indeed the one who is interested in it.


If I can still get fined or disconnected by my ISP for what I do on the network, the whole "indistinguishable from random noise" and "forward secrecy" really mean nothing as an end user.


Maybe this is also why they underline in the preamble that it is suitable for running over Tor.



