Mandos Keyserver as a TOR Hidden Service

Björn Påhlsson belorn at recompile.se
Tue Apr 17 12:06:56 CEST 2012



On 04/16/2012 12:18 AM, Vladimir Arseniev wrote:
> On 12-04-14 11:41 PM, Fabian Zeindl wrote:
>> this maybe is a wicked idea, but what about hosting the Mandos
>> Keyserver as a hidden service and enabling the mandos clients to
>> connect to the tor-network. This way it's virtually impossible to
>> get the actual location of the mandos keyserver, meaning it's way
>> more secure.
>> 
>> What am I missing?
> 
> Two issues come to mind. Getting Tor up in preboot environment
> would be nontrivial, I think. But you could use tor2web. Also, Tor
> circuits aren't always reliable. If your Mandos clients defaulted
> to passphrase prompt, they'd need to be rebooted.

We (Teddy and I, Mandos co-authors) have bounced this idea between us
for about half a year now. The last major release added support to run
arbitrary scripts during initramfs (preboot) to set up any kind of
network interface to be used (this also allowed the added support for
wireless networks).

The next major step would be to find a solution for how the Mandos
Keyserver validates that a machine has not been taken down, moved
somewhere and is under analysis. Atm, the keyserver keeps a fairly
constant check on the client, and on a LAN this is working fairly
okay, but the Tor circuits would not be reliable enough to work
without creating a new form of heartbeat mechanism.

Atm, the idea we have been bouncing around recently is to use DTLS to
keep a continuous connection as an unspoofable method to tell the
keyserver it is still alive and has not been taken down (a new form of
checker command). This could allow for longer timeout values without
affecting the use case when someone malicious comes, takes down the
server, and moves it somewhere else to be studied.

/Björn Påhlsson
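As an added illustration (not Mandos code; the authors propose a DTLS session, whereas this sketch substitutes HMAC-authenticated datagrams), here is the keyserver-side bookkeeping such a heartbeat checker implies: each heartbeat carries a per-client secret's HMAC and a strictly increasing sequence number so it can be neither forged nor replayed, and a client that stays silent longer than its timeout is disabled. The class, function and message layout are assumptions made for the example.

```python
import hmac
import hashlib
import struct

TAG_LEN = 32  # HMAC-SHA256 digest length (assumed message format, not Mandos')


def make_heartbeat(key, name, seq):
    # Client side: name || seq (8-byte big-endian) || HMAC-SHA256(key, name || seq)
    body = name.encode() + struct.pack(">Q", seq)
    return body + hmac.new(key, body, hashlib.sha256).digest()


class HeartbeatTracker:
    """Keyserver-side liveness state for the heartbeat-style checker."""

    def __init__(self, timeout):
        self.timeout = timeout   # seconds of silence tolerated (Tor jitter included)
        self.clients = {}        # name -> {"key", "seq", "last_seen", "enabled"}

    def add_client(self, name, key, now):
        self.clients[name] = {"key": key, "seq": 0, "last_seen": now, "enabled": True}

    def receive(self, msg, now):
        # Returns True only for a fresh, correctly authenticated heartbeat.
        if len(msg) < 8 + TAG_LEN + 1:
            return False                      # too short to hold name, seq and tag
        body, tag = msg[:-TAG_LEN], msg[-TAG_LEN:]
        name = body[:-8].decode(errors="replace")
        seq = struct.unpack(">Q", body[-8:])[0]
        c = self.clients.get(name)
        if c is None:
            return False                      # unknown client
        expected = hmac.new(c["key"], body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return False                      # forged or corrupted heartbeat
        if seq <= c["seq"]:
            return False                      # replayed (or reordered stale) heartbeat
        c["seq"], c["last_seen"] = seq, now
        return True

    def sweep(self, now):
        # Run periodically: a client silent past the timeout is disabled, so its
        # secret is no longer handed out if the machine was carried off.
        for c in self.clients.values():
            if now - c["last_seen"] > self.timeout:
                c["enabled"] = False

    def is_enabled(self, name):
        return self.clients[name]["enabled"]
```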


More information about the Mandos-Dev mailing list