Thus spake Mike Perry (mikeperry@xxxxxxxxxxxxxx): > You're failing to see the distinction made between adversaries, which > was the entire point of the motivating section of the document. Rekeying > *will* thwart some adversaries. > > > I suspect getting the keys through either mechanism might be > > trivial compared to getting the infrastructure in place to use > > the keys for a non-theoretical attack that is cost-effective. > > The infrastructure is already there for other reasons. See for example, > the CALEA broadband intercept enhancements of 2007 in the USA. Those can > absolutely be used to target specific Tor users and completely > transparently deanonymize their Tor traffic today, with one-time key > theft (via NSL subpoena) of Guard node keys. Btw, before the above causes someone to jot "Enemy Combatant" down in a file somewhere, I just want to clarify that I believe "lawful intercept" is a total sham, dangerously weakening critical infrastructure for little gain. Once deployed (too late!), it can and will be exploited by a wide variety of actors (too late!). Also, replace "NSL subpoena" with "any variety of intimidating thugs with guns (and/or money)". They're pretty much the same level of "due process" IMO. Further, I think we can expect many/most relay operators to run straight to the EFF/ACLU/FBI in the event of coercion (destination depends on adversary). However, I do *not* believe we can expect the same from arbitrary datacenter admins. Hence, I feel that one-time key theft is a valid and realistic adversary, given current weaknesses in the Tor protocol and client software. -- Mike Perry
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays