
Re: [tor-bugs] #7139 [Tor]: Tor involuntarily sets TLS session tickets



#7139: Tor involuntarily sets TLS session tickets
-----------------------------------+----------------------------------------
    Reporter:  nextgens            |        Type:  defect                        
      Status:  needs_review        |    Priority:  major                         
   Milestone:  Tor: 0.2.2.x-final  |   Component:  Tor                           
     Version:                      |    Keywords:  tor-relay ssl tls security pfs
      Parent:                      |      Points:                                
Actualpoints:                      |  
-----------------------------------+----------------------------------------

Comment(by nickm):

 Hm.  So, I buy the "more attack surface than necessary" argument as a
 reason to put it in 0.2.3 and later, but I don't think the swapping
 argument necessarily holds water.

 If we're worried about the key material getting used to encrypt tickets
 getting swapped out to disk, we also need to worry about the session key
 material getting swapped out, surely.  If you're swapping and your swap
 isn't encrypted, I don't think you get PFS guarantees.

 I could be missing something crucial there--am I?

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7139#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online