[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #7139 [Tor]: Tor involuntarily sets TLS session tickets

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #7139 [Tor]: Tor involuntarily sets TLS session tickets
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Thu, 18 Oct 2012 10:29:58 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 18 Oct 2012 06:29:51 -0400
In-reply-to: <048.2469f03be6b81a0b6eca162328da2fe9@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <048.2469f03be6b81a0b6eca162328da2fe9@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#7139: Tor involuntarily sets TLS session tickets
-----------------------------------+----------------------------------------
    Reporter:  nextgens            |        Type:  defect                        
      Status:  needs_review        |    Priority:  major                         
   Milestone:  Tor: 0.2.2.x-final  |   Component:  Tor                           
     Version:                      |    Keywords:  tor-relay ssl tls security pfs
      Parent:                      |      Points:                                
Actualpoints:                      |  
-----------------------------------+----------------------------------------

Comment(by nextgens):

 So, my point number 2 in the original report is incorrect and should read:

 2) security: It has implications regarding PFS (the key material
 encrypting the ticket is ephemeral but might be swapped out to disk) and
 exposes more attack surface than strictly necessary (Tor doesn't use the
 tickets in any case)

 The PFS interval is not linked to MAX_SSL_KEY_LIFETIME_INTERNAL at all.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7139#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #7139 [Tor]: Tor involuntarily sets TLS session tickets
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #7139 [Tor]: Tor involuntarily sets TLS session tickets
Next by Author: Re: [tor-bugs] #7066 [Tor]: Guard disablement by path-bias detector must be disabled or removed
Previous by thread: Re: [tor-bugs] #7139 [Tor]: Tor involuntarily sets TLS session tickets
Next by thread: Re: [tor-bugs] #7139 [Tor]: Tor involuntarily sets TLS session tickets
Index(es):
- Author
- Thread