[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Proposal xxx: Safe cookie authentication

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] Proposal xxx: Safe cookie authentication
From: Damian Johnson <atagar1@xxxxxxxxx>
Date: Tue, 7 Feb 2012 11:00:21 -0800
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 07 Feb 2012 14:00:35 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=FsFnr/9KFr4qmU4gPpGzrFuvm4ZEnBc1NoW+nlGrG5o=; b=piAQUb0ktCfYlcV+rzlzdrOvhKlvc5emQYxI/S+H+79hMOA7oZ4o58b2wF3goKD8Kw ydSn70ACFw99IOPW4NMuAA+alYoIZsN2HxD7voxc8dJifpr2m69SMVzsdWZX3xpc5L1o zQ1ayBdKe6cRxVqyrWDFHBhaxEjGD/luIwi/c=
In-reply-to: <CABqy+srmCJ7z4NU-wfLBz=3b-iwrg4w=v+9N9AdDsCSZ8zpGDw@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-dev>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for discussion by the developers of Tor." <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <CABqy+soHR0KUG9JFPsf+ewj+222-5fOQgHJEF_NVAwFf6+ZSDw@xxxxxxxxxxxxxx> <CAKDKvuz9zRFHsbKwZLbYFWXV=eW9F-OT0zbxHPBQg50qL5Yehw@xxxxxxxxxxxxxx> <CABqy+srmCJ7z4NU-wfLBz=3b-iwrg4w=v+9N9AdDsCSZ8zpGDw@xxxxxxxxxxxxxx>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx

>  I don't know whether that would be acceptable to controller authors
> and users.

I'm fine with a couple things...
* adding a tor provided blacklist
* adding a tor provided whitelist *if* Tor itself fails to start when
the torrc has an CookieAuthFile outside of that list and all versions
which allow for non-whitelisted files are flagged as obsolete

It would cause confusion for users to be able to define any arbitrary
cookie path in Tor, then have some controllers provide buggy looking
behavior by failing to authenticate.

As mentioned in irc this Safe Cookie proposal should also include the
deprecation of the current CookieAuthentication option. Otherwise a
malicious socket could simply claim to only support non-safe cookie
authentication to still trick controllers into divulging the cookie.
Users could tell their controller to only allow safe cookie auth but
in practice users, of course, won't do that.

Cheers! -Damian
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

References:
- [tor-dev] Proposal xxx: Safe cookie authentication
  - From: Robert Ransom
- Re: [tor-dev] Proposal xxx: Safe cookie authentication
  - From: Nick Mathewson
- Re: [tor-dev] Proposal xxx: Safe cookie authentication
  - From: Robert Ransom

Prev by Author: Re: [tor-dev] Proposal xxx: Safe cookie authentication
Next by Author: Re: [tor-dev] Unit testing blog posts
Previous by thread: Re: [tor-dev] Proposal xxx: Safe cookie authentication
Next by thread: [tor-dev] Tor developers: completed translations now in separate directories
Index(es):
- Author
- Thread