[Operators] XMPP federation over Tor : supported by Prosody, join us !

Thomas Camaran camaran at gmail.com
Fri Oct 16 13:12:48 UTC 2015


Hi, this is my service: http://chatme.im/servizi/tor-onions-service/

2015-10-16 15:07 GMT+02:00 Dave Cridland <dave at cridland.net>:

>
>
> On 15 October 2015 at 21:07, Finn Herzfeld <finn at finn.io> wrote:
>
>> That's pretty cool, but this whole mapping thing seems broken. Would
>> there be a way for a server to probe another server over the clearnet
>> for an onion address, then it can cache that and build its own list? I
>> don't know a ton about the actual XMPP wire protocol so I'm not sure how
>> best to go about that, but it seems like something that could be done.
>>
>
> Discovery is, of course, possible, but it's problematic because no direct,
> unseeded discovery protocol is going to be immune to metadata scanning. If
> you look up SRV records, that's pretty easy to track, and then the Tor
> session is not much better than a TLS one (albeit fewer chances of
> interception; but the same ones are probably easiest).
>
> Instead, we might construct a protocol whereby a server starts with a seed
> list of services from a trusted source and then gradually learns about
> other servers as it requests lists from its peers. It's possible to do this
> without trusting all the servers giving you the list, too, if you use
> BFT-style algorithms or signed content.
>
> However... even this is only safe in Prosody because it doesn't perform
> OCSP lookups (or indeed any status checking). Traditional OCSP is again
> quite easy to track, so you need to use a combination of stapling and
> consistently refreshed CRLs.
>
> Dave.
>
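
Added example (not part of the thread and not Prosody code): a sketch of the seeded, peer-learned mapping list described in the quoted reply above, where a new domain-to-onion mapping is accepted only when at least f+1 already-accepted peers report the same address. The function name, the f+1 threshold rule, and all domains and onion addresses below are constructed assumptions for illustration.

```python
from collections import defaultdict

def learn_round(known, peer_lists, f):
    """One learning round over lists fetched from peers.

    known:      dict domain -> onion already accepted (the seed list at start)
    peer_lists: dict peer_domain -> {domain: onion} as reported by that peer
    f:          assumed maximum number of lying peers
    Returns (accepted, conflicts).
    """
    votes = defaultdict(lambda: defaultdict(set))  # domain -> onion -> voters
    for peer, reported in peer_lists.items():
        if peer not in known:      # lists from peers we never accepted carry no weight
            continue
        for domain, onion in reported.items():
            votes[domain][onion].add(peer)

    accepted, conflicts = {}, {}
    for domain, by_onion in votes.items():
        if domain in known:
            # Never overwrite an accepted mapping; surface the disagreement instead.
            if set(by_onion) - {known[domain]}:
                conflicts[domain] = sorted(by_onion)
            continue
        quorum = [o for o, voters in by_onion.items() if len(voters) >= f + 1]
        if len(quorum) == 1:
            accepted[domain] = quorum[0]
        elif len(by_onion) > 1:
            conflicts[domain] = sorted(by_onion)
    return accepted, conflicts

# Constructed sample data: seed list from a trusted source, then peer reports.
SEED = {"a.example": "aaaaaaaaaaaaaaaa.onion",
        "b.example": "bbbbbbbbbbbbbbbb.onion",
        "c.example": "cccccccccccccccc.onion"}
REPORTS = {
    "a.example": {"d.example": "dddddddddddddddd.onion",
                  "e.example": "eeeeeeeeeeeeeeee.onion"},
    "b.example": {"d.example": "dddddddddddddddd.onion"},
    # c.example lies about d.example and tries to replace b.example's mapping
    "c.example": {"d.example": "xxxxxxxxxxxxxxxx.onion",
                  "b.example": "yyyyyyyyyyyyyyyy.onion"},
    # z.example is not in the seed list, so its vote for e.example is ignored
    "z.example": {"e.example": "eeeeeeeeeeeeeeee.onion"},
}

if __name__ == "__main__":
    print(learn_round(SEED, REPORTS, f=1))
```

With f=1, d.example is learned because two seeded peers agree, e.example stays unlearned with only one counted vote, and the attempted replacement of b.example is reported as a conflict rather than applied.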