[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #5578 [Flashproxy]: Investigate WebRTC for flash proxy NAT punching



#5578: Investigate WebRTC for flash proxy NAT punching
----------------------------+-----------------
     Reporter:  dcf         |      Owner:  dcf
         Type:  task        |     Status:  new
     Priority:  normal      |  Milestone:
    Component:  Flashproxy  |    Version:
   Resolution:              |   Keywords:
Actual Points:              |  Parent ID:
       Points:              |
----------------------------+-----------------

Comment (by dcf):

 Replying to [comment:24 infinity0]:
 > Continuing from the above, the following option probably would not
 require any changes to the ICE authentication code, nor the facilitator to
 have another certification key (nor to use the existing encryption key for
 certification) - but it does assume the existence of a fully-known
 confidential channel between the facilitator and the browser proxy (i.e.
 not SSL with x509).
 >
 > 1. the client, L, generates a secret key K(R) and sends it to the
 facilitator in an encrypted client registration. this means only the
 facilitator can read K(R).
 > 2. when the facilitator picks a proxy, R, to serve L, it gives it K(R)
 via the confidential channel. now only the facilitator and the proxy can
 read K(R).
 > 3. R then uses K(R) as the authentication key for ICE as normal. no
 changes to normal ICE authentication are needed.
 > 4. L assumes that the facilitator works honestly, and that no-one else
 can read K(R) in transit, due to the confidential channel.
 >
 > edit: thinking more about it, in the current system it's not so
 necessary for K(R) to remain fully-known confidential, since we're not
 assuming anything about the behaviour of proxies. they could be malicious,
 and they could be MITMd and replaced by an adversary. so, the above
 sequence is only really needed "for show" to be compatible with what ICE
 expects.
 >
 > (it may become more relevant if we ever track the behaviour of proxies
 in some future reputation system, but such a system would require the
 solution of this problem anyway.)

 Thanks for finding these links. I'm beginning to understand better. The
 key exchange you describe seems reasonable on first reading.

 Can signalling be done as a single request/response? If so, we might be
 able to build it into appspot rendezvous.

 It may also be fine to use whatever signalling and ICE channel is used by
 Google hangouts, or whatever is the most common user of WebRTC.

 I don't know what you mean by "fully-known confidential channel."

 A good first goal would be to have two C++ programs that are capable of
 chatting with each other, after being given an offer and answer manually.
 That can serve as a basis for the client and server transport plugins. We
 can use it to test our ideas as we work out the details of signalling.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5578#comment:25>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs