GitLab

Would it be possible to add a detection mechanism for stolen onion service keys?

How it could work (I know very little about Tor internals): A HSDir could tell the tor client that someone else with the same key announced a hidden service just minutes ago. To determine that it was someone else, a random number could be sent with each announcement of an onion service, and that number randomly changes every time tor is restarted. If tor isn't restarted but the HSDir tells the announcing tor client that a different number was used to announce the onion service before, one could reasonably suspect that the key has been compromised. The user could then try to rule out a false positive, and get a new key.

It might be problematic that the HSDir can lie to .onions it doesn't like, but as long as no automatic action but the notification is done, this shouldn't cause much harm.

Trac:
Username: ess2