[Sovereign Keys] Sovereign Keys and Tor

[Peter Eckersley]

A lot of people ask about the degree to which Tor and hidden services /need/
to be the fallback routing mechanism for SKs.

One answer is: they don't.  SKs could be used with no fallback, or with
proxies, VPNs, or some other complicated fallback routing mechanism.  It would
be up to the client to decide what fallbacks, if any, to use in case of MITMs
or connection blocking.

Of course, there is benefit to standardisation: servers and clients using the
same secure routing method creates an incentive for everyone to get on that
same bandwagon.  At the moment, Tor looks like the most robust option we have.

The design is currently a little big vague on these questions.  I'm thinking
about updating it to make fallback to a Tor hidden service an /option/ for the
server operator, and to allow other (arbitrary) fallback specifications.  So
eff.org can say, "1234567890abcdefgh.onion is our fallback", google.com can
say "use an UDP OpenVPN to 8.8.8.8 port 88", and someone else could say "we
have an I2P service, here's the address!"

Control over these fallbacks would be added to the existing "Alteration of
protocols" message.

I imagine that if we do end up building and deploying SKs, we'll encourage
servers and clients to support .onion fallbacks by default, but that won't be
required.

-- 
Peter Eckersley                            pde at eff.org
Technology Projects Director      Tel  +1 415 436 9333 x131
Electronic Frontier Foundation    Fax  +1 415 436 9993