Re: Proposal 176: Proposed version-3 link handshake for Tor
- To: or-dev@xxxxxxxxxxxxx
- Subject: Re: Proposal 176: Proposed version-3 link handshake for Tor
- From: Nick Mathewson <nickm@xxxxxxxxxxxxx>
- Date: Mon, 31 Jan 2011 21:52:00 -0500
- In-reply-to: <AANLkTinQjEz2C9MSyZNWABNMqqJrv9eFdbUY7VnMoAA4@xxxxxxxxxxxxxx>
- References: <AANLkTinQjEz2C9MSyZNWABNMqqJrv9eFdbUY7VnMoAA4@xxxxxxxxxxxxxx>
- Reply-to: or-dev@xxxxxxxxxxxxx
- Sender: owner-or-dev@xxxxxxxxxxxxx
On Mon, Jan 31, 2011 at 9:50 PM, Nick Mathewson <nickm@xxxxxxxxxxxxx> wrote:
[...]
> To authenticate the server, the client MUST check the following:
>   * The CERTS cell contains exactly one CertType 1 "Link" certificate.
>   * The CERTS cell contains exactly one CertType 2 "ID" certificate.
>   * Both certificates have validAfter and validUntil dates that
>     are not expired.
>   * The certified key in the Link certificate matches the
>     link key that was used to negotiate the TLS connection.
>   * The certified key in the ID certificate is a 1024-bit RSA key.
>   * The certified key in the ID certificate was used to sign both
>     certificates.
>   * The link certificate is correctly signed with the key in the
>     ID certificate.
>   * The ID certificate is correctly self-signed.
Robert Ransom responded to an earlier draft of this proposal,
suggesting that instead of being self-signed, the ID certificate
should be cross-certified by the link key. He said:
> > Yes. I'm not exactly sure why I'm suggesting it.
> >
> > When an OpenPGP public key has a subkey which can be used to generate
> > signatures, GPG requires that that subkey sign the main public key, in
> > addition to requiring that the main public key sign the subkey. The
> > GPG man page states that this prevents some attacks. I don't know
> > whether the cross-certification I'm asking for above prevents any
> > attacks we care about.
[Posted here with permission]
yrs,
--
Nick
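
The client-side checklist quoted in this message, as an added Python sketch that is not Tor's code or part of the original post: `Cert` is a simplified stand-in for the X.509 certificates in the CERTS cell, signatures are unpadded textbook RSA over SHA-256 from a toy key generator, and every name and sample value here is an assumption made for illustration.

```python
import hashlib
import random
from dataclasses import dataclass

@dataclass
class Cert:                          # simplified stand-in for an X.509 certificate
    cert_type: int                   # 1 = "Link", 2 = "ID"
    key: tuple                       # certified RSA public key as (n, e)
    valid_after: int
    valid_until: int
    sig: int = 0

    def digest(self):
        body = repr((self.cert_type, self.key, self.valid_after, self.valid_until))
        return int.from_bytes(hashlib.sha256(body.encode()).digest(), "big")

def keygen(rng, bits=1024):          # toy RSA key: returns ((n, e), d)
    def prime():
        while True:
            p = rng.getrandbits(bits // 2) | (3 << (bits // 2 - 2)) | 1
            if (p - 1) % 65537 and pow(2, p - 1, p) == 1:   # Fermat test, toy only
                return p
    p, q = prime(), prime()
    return (p * q, 65537), pow(65537, -1, (p - 1) * (q - 1))

def check_certs(certs, tls_key, now):    # None if all checks pass, else first failure
    link = [c for c in certs if c.cert_type == 1]
    ident = [c for c in certs if c.cert_type == 2]
    if len(link) != 1 or len(ident) != 1:
        return "need exactly one Link and one ID certificate"
    link, ident = link[0], ident[0]
    if not all(c.valid_after <= now <= c.valid_until for c in (link, ident)):
        return "certificate outside its validity window"
    if link.key != tls_key:
        return "Link certificate key is not the TLS link key"
    if ident.key[0].bit_length() != 1024:
        return "ID key is not 1024-bit RSA"
    for cert, name in ((link, "Link"), (ident, "ID")):   # ID key must have signed both
        if pow(cert.sig, ident.key[1], ident.key[0]) != cert.digest():
            return f"{name} certificate not signed by the ID key"
    return None

def sample_cell(seed=176, now=1_296_500_000):   # constructed sample, not captured traffic
    rng = random.Random(seed)
    id_pub, id_d = keygen(rng)
    link_pub, _ = keygen(rng)
    certs = [Cert(1, link_pub, now - 60, now + 3600), Cert(2, id_pub, now - 60, now + 3600)]
    for c in certs:
        c.sig = pow(c.digest(), id_d, id_pub[0])   # textbook RSA, no padding
    return certs, link_pub
```

`sample_cell()` returns a constructed certificate pair plus the link key to pass as `tls_key`; `check_certs` returns `None` on success or the first failed check as a string.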