Is http://tor.stackexchange.com/questions/219/how-to-use-hidden-service-authentication of any use?
Excellent idea. Worth documenting. I think this fits into the area of telling Tor to prevent connections to a HS from non-authorized parties.
What's latest state of bidirectional authentication?
OnionCat handles it at its level by ensuring that even the person not running a hidden service (only running in unidirectional mode) does indeed have the random IPv6 address assigned to him by OnionCat. The party running the HS provides assurance that their OnionCat IPv6 address is indeed tied to their onion address.
The good thing about your suggestion is that it provides strong assurance at the Tor level that the person connecting to you is the one who possesses the cookie secret too.
The description of hidden service authentication accomplishes:
However, there may be certain services which are intended to be accessed by a limited set of clients only. A possible application might be a wiki or forum that should only be accessible for a closed user group. Another, less intuitive example might be a real-time communication service, where someone provides a presence and messaging service only to his buddies. Finally, a possible application would be a personal home server that should be remotely accessed by its owner.
So person A (callee) has an onioncat IPv6 and person B (caller) has another onioncat IPv6.
Now person B calls person A.
Person B should be confident talking to person A. Authentication fine here.
But what about person A? Person A has no way of knowing that person B is calling? There could also be a man in the middle? (Not an “easy”, “usual” one that comes to mind.) I mean, anyone could set up an onioncat IPv6. And then perhaps brute force (scan) through all available onioncat IPv6 and perhaps hit the right one by chance?
Or the same in slightly other words:
Let’s say two people know each other and trust each other for years but want to communicate without someone else knowing they communicate. They have exchanged OpenPGP keys and know those are the right ones.
Let’s suppose there is an adversary who can perfectly imitate the voice of the caller.
How does the callee know that really the person he thinks is calling, authenticate, and not someone who can imitate the voice?
(Well, probably you notice, because no one can imitate so well yet, I think, but you see the point and it’s important for non-voice communication.)
Onioncat’s IPv6 addressing leverages Tor’s authentication infrastructure of Hidden Services. If both person A and B are running Hidden Services, the authentication by Onioncat in both directions is solid, as the IP address is derived directly from the non-spoofable HS address. The newer version of onioncat addresses exactly what you anticipate when one of the parties, the caller, has onioncat in unidirectional mode and is not running a HS. I was confused and asked Bernhard how it worked and so he explained it and I posted the response there.
As an aside, your mentioning of HS authentication solves this at a deeper, well-understood level.
(Well, probably you notice, because no one can imitate so well yet, I think, but you see the point and it's important for non-voice communication.)
Actually Frederic Jacobs (on the TextSecure team) tweeted that he came across a source that revealed that the NSA has the capability to imitate someone’s voice so accurately as to be able to fool a vocal SAS ZRTP confirmation between two parties.
Interesting. I guess that works indeed. But faking that voice during a conversation, I don’t think they’re able to do that just yet. Even if they could perfectly fake the voice, in most cases you’d figure it out using the pattern recognition of your brain, because you would find many irregularities in the personality you’re expecting?
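The address derivation the thread refers to, where the OnionCat IPv6 address comes directly from the hidden service address, shown as an added example that is not part of the original posts and is not OnionCat's own code. It assumes 16-character (80-bit) onion labels and OnionCat's fd87:d87e:eb43::/48 prefix, which the thread does not quote; the function names and the sample label are constructed for illustration.

```python
import base64
import ipaddress

# OnionCat's fixed IPv6 prefix, fd87:d87e:eb43::/48 (not quoted in the thread).
ONIONCAT_PREFIX = bytes.fromhex("fd87d87eeb43")


def onion_to_ipv6(onion: str) -> ipaddress.IPv6Address:
    """Map a 16-character onion label to its OnionCat IPv6 address."""
    label = onion.strip().lower()
    if label.endswith(".onion"):
        label = label[: -len(".onion")]
    if len(label) != 16:
        raise ValueError("expected a 16-character onion label")
    # 16 base32 characters decode to exactly 80 bits (10 bytes).
    onion_id = base64.b32decode(label.upper())
    # 48-bit prefix + 80-bit onion identifier = one 128-bit IPv6 address.
    return ipaddress.IPv6Address(ONIONCAT_PREFIX + onion_id)


def ipv6_to_onion(addr: str) -> str:
    """Recover the onion name that an OnionCat IPv6 address encodes."""
    packed = ipaddress.IPv6Address(addr).packed
    if packed[:6] != ONIONCAT_PREFIX:
        raise ValueError("address is outside the OnionCat prefix")
    return base64.b32encode(packed[6:]).decode("ascii").lower() + ".onion"


def source_matches_onion(source_ipv6: str, expected_onion: str) -> bool:
    """True only if the source address is the one derived from the onion name."""
    try:
        return ipaddress.IPv6Address(source_ipv6) == onion_to_ipv6(expected_onion)
    except ValueError:  # malformed address or label
        return False


if __name__ == "__main__":
    sample = "abcdefghijklmnop.onion"  # constructed label, not a real service
    addr = onion_to_ipv6(sample)
    print(sample, "->", addr)
    print(addr, "->", ipv6_to_onion(str(addr)))
    print(source_matches_onion("fd87:d87e:eb43::1", sample))
```

The mapping itself is only arithmetic: it ties an address to an onion name, while whether traffic from that address really comes from the holder of the onion key is the question the posts above discuss.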