[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: When is the 'MyFamily' setting unnecessary?

To: or-talk@xxxxxxxxxxxxx
Subject: Re: When is the 'MyFamily' setting unnecessary?
From: Gregory Maxwell <gmaxwell@xxxxxxxxx>
Date: Mon, 13 Sep 2010 00:26:02 -0400
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Mon, 13 Sep 2010 00:26:10 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:content-type :content-transfer-encoding; bh=du1x9P/v+ElTcVLWYPJfnRmI7lR7/UMomRNXqWxmdVE=; b=cScuDcm/k/6SJzqz7uX4dMhe8lfdcYahppVA39A1Og2CE3f52NhtsJUP+KMb9mpHxo lYmYgM5reDrc/Yzzw+cbfm7s4CC5Qb5T9CX1T+dbax2TgZvPzM7YHH4iVRLboePRfBX5 UOKktgJiWbeDTvFa2va+QBSfI7YRHIOkvhls0=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=rp9mDvas9bbq9XHjxcI7W/6YMzvRg9+geeLL4CcGDqekGzzbYZs+6FXMeOWWMDVkq7 sjlsYtb+hSyoYlKQeksPRy1HuoSeQTjHDxggo9k7Brfew9rSF6xX8q4ZXLHuU/m8xYp0 tQtuAHidkFcIlzMI5/XYEtSVsH80YR07gYC/0=
In-reply-to: <20100912211142.2b9e0985@xxxxxxxxx>
References: <4C8CB850.7090800@xxxxxxxxx> <D9624640-1483-4F72-BAAA-648553819357@xxxxxxxxxxxxxxxxx> <4C8CC9BA.609@xxxxxxxxx> <20100912225341.GC2838@xxxxxxxxxxxxxx> <AANLkTimAKJO8z2qgS6DWqekfqmbV1nR3ROHwMrQhh3BO@xxxxxxxxxxxxxx> <20100912184003.7338796f@xxxxxxxxx> <AANLkTimVUyhukzX06EP+YcWnVgsHV_G-nEAvOLEm7NeD@xxxxxxxxxxxxxx> <20100912211142.2b9e0985@xxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

On Mon, Sep 13, 2010 at 12:11 AM, Robert Ransom <rransom.8774@xxxxxxxxx> wrote:
>> There we goâ
>> Perhaps the signature could be shipped only to the directory
>> authorities but left out of the published descriptors, no?
> No, the client needs to see it in the relay/bridge descriptor.
>> they'd need to be left outside of the part signed by the nodes, so
>> obviously some reworking is required there).
> Why?

The client needs to see the public key for sure, since thats
effectively a family ID. Does it need to see the signature if instead
it trusts the bridges to have validated the signatures and correctly
ignored/invalidated only and all the nodes with invalid signatures?

If that was workable it would halve the amount of advertised data required.

> Don't forget that the keys and signatures would need to be represented
> in ASCII in the descriptors. ÂIf you're willing to break backward
> compatibility anyway, there is some room for squeezing the existing
> family specifications down, as well (i.e. represent node identity key
> fingerprints in base64, or even base85 (only the clients should care
> about it, and they can probably eat the performance cost)).

I was assuming hex, like the current families. 512/160=3.2  Obviously
base>16 would do even better... With smaller ecc and base85 it would
be rather close in size to the existing fingerprints. (assuming the
signature was omitted)

> Also, don't forget that we can use an elliptic curve modulo a 159-bit
> prime for this -- node family keys are relatively low-value
> authentication keys, and since they would only be used to sign nodes'
> ephemeral *signing* keys, they can be changed with rather little trouble.

Agreed, that they can be small. Though changing them would require
per-node configuration. They ought to at least be strong enough to
discourage mischief, though 159-bit is still harder than anything that
I'm aware of being cracked and would probably leave guessing the
secret as the low hanging fruit.
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/

Follow-Ups:
- Re: When is the 'MyFamily' setting unnecessary?
  - From: Robert Ransom

References:
- When is the 'MyFamily' setting unnecessary?
  - From: tor_ml
- Re: When is the 'MyFamily' setting unnecessary?
  - From: Sebastian Hahn
- Re: When is the 'MyFamily' setting unnecessary?
  - From: tor_ml
- Re: When is the 'MyFamily' setting unnecessary?
  - From: andrew
- Re: When is the 'MyFamily' setting unnecessary?
  - From: Gregory Maxwell
- Re: When is the 'MyFamily' setting unnecessary?
  - From: Robert Ransom
- Re: When is the 'MyFamily' setting unnecessary?
  - From: Gregory Maxwell
- Re: When is the 'MyFamily' setting unnecessary?
  - From: Robert Ransom

Prev by Author: Re: When is the 'MyFamily' setting unnecessary?
Next by Author: Re: The best way to run a hidden service: one or two computers?
Previous by thread: Re: When is the 'MyFamily' setting unnecessary?
Next by thread: Re: When is the 'MyFamily' setting unnecessary?
Index(es):
- Author
- Thread