
[tor-bugs] #16035 [Tor]: Implement proposal 244: RFC5705 for exporting key material in tls handshake



#16035: Implement proposal 244: RFC5705 for exporting key material in tls handshake
--------------------+------------------------------------
 Reporter:  nickm   |          Owner:
     Type:  defect  |         Status:  new
 Priority:  normal  |      Milestone:  Tor: 0.2.7.x-final
Component:  Tor     |        Version:
 Keywords:          |  Actual Points:
Parent ID:  #15055  |         Points:
--------------------+------------------------------------
 From the proposal:
 {{{  We use AUTHENTICATE cells to bind the connection-initiator's Tor
   identity to a TLS session.  Our current type of authentication
   ("RSA-SHA256-TLSSecret", see tor-spec.txt section 4.4) does this by
   signing a document that includes an HMAC of client_random and
   server_random, using the TLS master secret as a secret key.

   There is a more standard way to get at this information, by using the
   facility defined in RFC5705.  Further, it is likely to continue to
   work with more TLS libraries, including TLS libraries like OpenSSL 1.1
   that make master secrets and session data opaque.

 }}}

 This is easy, and easily done as part of #15055.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16035>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online