The --use-tor option

Jacob Appelbaum jacob at appelbaum.net
Tue Oct 20 19:44:04 CEST 2015


On 10/20/15, Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:
> On Mon 2015-10-19 10:54:49 -0400, Malte wrote:
>> On Monday 19 October 2015 15:03 Werner Koch wrote:
>>
>>> This is not complete because DNS lookups are leaking.  This could be
>>> fixed […]
>>
>> Maybe Kristian Fiskerstrand would be willing to set up an Onion Service
>> for
>> the SKS-Pool that could be used by default?
>
> I don't think this makes much sense -- there are already keyservers that
> offer hidden services (e.g. qdigse2yzvuglcix.onion), but they are
> individual keyservers.
>
> providing a .onion frontend to the pool would be something very
> different.  how would it work?  would it just proxy connections to other
> members of the pool?  if so, it's basically acting as a tor exit node,
> but a very specialized one.  is this a good idea?
>

It would be possible to use OnionBalance here - someone can run a
popular .onion and add all of the SKS servers with .onions into that
instance of Onion balance. Thus - a single .onion name can redirect
entirely within Tor to every individual SKS server that has a .onion
name/Hidden Service.

> or are you imagining it would do something different?

It would be great if we shipped some .onion SKS servers that work with
Tor by default - not so different than shipping the SKS server pool by
default.

All the best,
Jacob



More information about the Gnupg-devel mailing list