2

Can I revoke a .onion address, to "open it" back up for registration?

It is possible, in the world of certificate authorities, to maintain revocation lists for keys that have been compromised or are no longer in use.

One can revoke an SSL certificate.

Can one do something like this for the keypair used for a .onion address?

Am I making any sense, here? Is there even an analogy to the sort of revocation I am discussing, here?

One might say that this issue has "layers". Like an onion.

This is my second question on the site, and I welcome all comments, counter-questions, jokes about Shrek or onions, etc.

IAmNoone

5 Answers

3

Anyone with the private key can submit HSDir entries for a .onion address.

There is no "registration" per se, only deriving the private key and its public key, but creating a private key with a specific public key is computationally infeasible.

Those vanity URLs like Facebook's facebookcorewwwi.onion are discovered, not registered, by generating billions of key pairs, saving the ones whose URLs contain words you like, like facebook, and trashing the rest.

Jeff Burdges
1

You can't revoke a .onion address in the same sense as a TLS certificate. The .onion address is computed from the identity key each relay maintains (see the answer to "How are domain names created"). So you compute the name on your machine. If you want to stop your hidden service and "de-register" the name, it is sufficient to safely delete the directory where the key of your hidden service lives (look for HiddenServiceDir in your torrc).

If someone wants to run a hidden service with the same onion address you used before, this person must be able to produce the same key as yours; only then will this person be able to "register" the same onion name. The key is created from random numbers. So the person must produce the same random number (plus some other values) as you used before. The chance that this happens is negligible. To be specific: you'll need 2^79 tries to find the correct key. Good password crackers can test a billion words per second. I assume that they are also able to produce and test this many keys. Wolfram Alpha can calculate the time it takes: ~2*10^7 years = 20,000,000 years. So it'd take quite some time. ;)

Jens Kubieziel
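The two answers above (Jeff Burdges's and Jens Kubieziel's) both rest on the fact that a v2 .onion name is derived from the service's RSA public key rather than registered anywhere. The following is an added example, not code from any poster or from Tor itself: it reproduces that derivation (SHA-1 over the DER-encoded PKCS#1 RSAPublicKey, first 80 bits, base32) using only the Python standard library. The modulus and exponent are constructed stand-in values, not a real hidden-service key.

```python
import base64
import hashlib

# Constructed sample RSA public key parameters (NOT a real Tor key):
# a 1024-bit stand-in modulus built from a fixed byte pattern, and e = 65537.
SAMPLE_MODULUS = int.from_bytes(b"\xc3" * 128, "big")
SAMPLE_EXPONENT = 65537

BASE32_ALPHABET = set("abcdefghijklmnopqrstuvwxyz234567")


def der_length(n: int) -> bytes:
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_integer(value: int) -> bytes:
    """DER INTEGER (tag 0x02); a leading 0x00 keeps a high-bit value positive."""
    body = value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return b"\x02" + der_length(len(body)) + body


def rsa_public_key_der(modulus: int, exponent: int) -> bytes:
    """PKCS#1 RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }."""
    content = der_integer(modulus) + der_integer(exponent)
    return b"\x30" + der_length(len(content)) + content


def onion_v2_address(modulus: int, exponent: int) -> str:
    """v2 .onion name: first 80 bits of SHA-1 over the DER public key, base32, lowercase.

    80 bits is why a second key with the same name costs ~2^79 attempts on average,
    and why there is nothing to 'revoke': the name is a function of the key alone.
    """
    digest = hashlib.sha1(rsa_public_key_der(modulus, exponent)).digest()
    return base64.b32encode(digest[:10]).decode("ascii").lower() + ".onion"


if __name__ == "__main__":
    print(onion_v2_address(SAMPLE_MODULUS, SAMPLE_EXPONENT))
```

Any change to the key material (here, swapping the exponent) yields an unrelated name, which is the property the answers describe.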
1

There is no direct way to revoke an onion address, because there is no registration process for the onion address. If the key is stolen (via malware infestation, for example), the key is always going to work and will always have the same address even if you're not the one who possesses it anymore.

There are alternative revocation schemes out there, such as RevokeSSL (which uses Bitcoin to confirm and revoke an X.509 certificate), and these schemes could perhaps be useful to bolt on for a means of notifying that the key is no longer under the control of its original holder, or is no longer acceptable for whatever reason.

It would be best if they were integrated into the Tor software itself, but failing that they could be integrated into client software which uses Tor.

There is a comment (by Jeff Burdges) on another answer, which says that there is a largely-specified format for a third-party revocation message, but those third-party revocation messages have not been implemented.

In any case, though, the .onion address will eventually expire from the lookup servers. At that point, it will only be able to be re-registered with the lookup servers if another keypair is generated that has the same public key hash. That's the only real effect of "revoking" a .onion address anyway.

sjcaged
1

Think for a moment about what it actually means to revoke a private key in X.509 PKI.

Originally, you created a key pair and submitted the public key to a certificate authority (CA) for signing in a certificate signing request (CSR). The CA verifies that you own your domain, and probably your identity as well, and signs your public key with its private key; this produces a certificate, which is a file that attests that the CA is satisfied that you fulfil its verification criteria. The certificate's authenticity can be verified by anyone with the CA's public key. The certificate contains, among other things, your public key, your domain and identity information, and a link to the certificate revocation list (CRL).

When a user visits your site, they receive your certificate. The user trusts your certificate because the user trusts the CA: the user checks that the certificate is signed by the CA, and by checking the CRL the user also knows that the CA still stands behind its attestation of your certificate.

When you revoke your certificate, what happens is that your CA publishes a document in the CRL that tells users to stop trusting the certificate. What is revoked here is the CA's attestation of your certificate.

With a Tor Hidden Service, there's no equivalent to a CA's attestation of your domain ownership. A Tor key pair is akin to a self-signed certificate. A Tor Hidden Service key self-attests that it is who it says it is. Revoking a Tor Hidden Service key is done by creating a signed document that tells other users not to trust the key used to sign the document. In essence, publishing a document that the hidden service is closed would satisfy this requirement.

Lie Ryan
0

Just delete the directory with the private key/hostname files and restart Tor to get a new address.

motsue