[tor-dev] Re: Using hidden service key with TLS client authentication
How would PKCS#11 help? It seems like a standard for cryptographic
tokens. Sorry, I don't quite understand.
On 6/8/26 11:04 PM, Jeremy Rand wrote:
techmetx11 via tor-dev:
Hi tor-dev mailing list,
Is there a way to capsulate a Tor hidden service Ed25519 private key
inside a TLS EE certificate and use it in TLS?
I wanted to use this specifically for XMPP's server-to-server TLS
connections, which use mTLS to prove that the connecting client is who
it says it is. Currently, with XMPP Tor server-to-server
connections, we have to use dialback (telling the server to connect
back to the client to authenticate its identity,
https://xmpp.org/extensions/xep-0220.html) to prove it, which is a
legacy and insecure form of server-to-server authentication.
If this is possible, then it would get rid of a reason to keep
dialback around and mean fewer round trips for server authentication.
Kind regards,
techmetx11
Hi!
Possible via PKCS#11 (basically the same logic as for TLS server
certs), though I haven't written the TLS CCA code paths for that yet.
However, probably not desirable in the way that you want. In some
setups (e.g. Whonix), the application and the Tor daemon are in
different trust domains. If you *replace* the onion dialback
authentication with TLS CCA, then anyone who compromises the
application can bypass the authentication. Of course, with your
current scheme, anyone who compromises the Tor daemon can bypass the
authentication. The most secure scheme is probably to do both TLS
*and* onion auth, in both directions; that way an attacker would have
to compromise both the application and the Tor daemon in order to
bypass auth.
Cheers,
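The check that makes the scheme discussed above meaningful on the receiving side is: does the Ed25519 key in the peer's TLS client certificate actually correspond to the onion address the peer claims to be? The following is an added example written for this thread, not code from the thread's participants, from Tor or from any XMPP server. It assumes the certificate's SubjectPublicKeyInfo carries the onion service's Ed25519 identity key unchanged (as the original question proposes) and recomputes the v3 onion address from it using the format in Tor's rend-spec-v3 (base32 of pubkey || 2-byte SHA3-256 checksum || version 0x03). The sample key bytes are constructed for illustration and are not a real service's key.

```python
"""Map an Ed25519 TLS certificate key to its Tor v3 onion address and
compare it with the onion name the peer claims (added example, not Tor code).

Assumption: the TLS EE certificate's key *is* the onion service identity key.
v3 address (rend-spec-v3):
    onion    = base32(PUBKEY || CHECKSUM || VERSION) + ".onion"
    CHECKSUM = SHA3-256(".onion checksum" || PUBKEY || VERSION)[:2]
    VERSION  = 0x03
"""
import base64
import hashlib

# DER prefix of a SubjectPublicKeyInfo for an Ed25519 key (RFC 8410):
# SEQUENCE { SEQUENCE { OID 1.3.101.112 }, BIT STRING { 0 unused bits, 32-byte key } }
ED25519_SPKI_PREFIX = bytes.fromhex("302a300506032b6570032100")
ONION_VERSION = b"\x03"


def ed25519_pubkey_from_spki(spki_der: bytes) -> bytes:
    """Extract the raw 32-byte Ed25519 public key from a DER SPKI.

    Anything that is not exactly an Ed25519 SPKI is rejected, so an RSA or
    ECDSA certificate cannot be mistaken for an onion identity key.
    """
    if (len(spki_der) != len(ED25519_SPKI_PREFIX) + 32
            or not spki_der.startswith(ED25519_SPKI_PREFIX)):
        raise ValueError("not an Ed25519 SubjectPublicKeyInfo")
    return spki_der[len(ED25519_SPKI_PREFIX):]


def onion_checksum(pubkey: bytes) -> bytes:
    """Two-byte checksum that ties the address to the key and version."""
    return hashlib.sha3_256(b".onion checksum" + pubkey + ONION_VERSION).digest()[:2]


def onion_address(pubkey: bytes) -> str:
    """Compute the v3 onion address for a 32-byte Ed25519 public key."""
    if len(pubkey) != 32:
        raise ValueError("Ed25519 public key must be 32 bytes")
    raw = pubkey + onion_checksum(pubkey) + ONION_VERSION  # 35 bytes -> 56 base32 chars
    return base64.b32encode(raw).decode("ascii").lower() + ".onion"


def pubkey_from_onion(address: str) -> bytes:
    """Decode and validate a v3 onion address, returning the embedded key."""
    name = address.lower()
    if name.endswith(".onion"):
        name = name[:-len(".onion")]
    if len(name) != 56:
        raise ValueError("v3 onion address must be 56 base32 characters")
    raw = base64.b32decode(name.upper())
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != ONION_VERSION or checksum != onion_checksum(pubkey):
        raise ValueError("bad onion address checksum or version")
    return pubkey


def cert_key_matches_onion(spki_der: bytes, claimed_onion: str) -> bool:
    """True iff the certificate's Ed25519 key is the one the claimed onion names."""
    try:
        return ed25519_pubkey_from_spki(spki_der) == pubkey_from_onion(claimed_onion)
    except ValueError:
        return False


# Constructed sample inputs (not a real service key): a deterministic 32-byte
# "public key" wrapped in the Ed25519 SPKI prefix, as it would appear in a cert.
SAMPLE_PUBKEY = bytes(range(32))
SAMPLE_SPKI = ED25519_SPKI_PREFIX + SAMPLE_PUBKEY

if __name__ == "__main__":
    addr = onion_address(SAMPLE_PUBKEY)
    print("derived address:", addr)
    print("cert matches claim:", cert_key_matches_onion(SAMPLE_SPKI, addr))
    print("cert matches other:", cert_key_matches_onion(SAMPLE_SPKI, onion_address(bytes(32))))
```

This comparison only establishes that the certificate names the same key as the onion address; proof that the peer holds the private key comes from the TLS handshake's CertificateVerify, and, as the reply above argues, it does not replace onion-layer authentication when the application and the Tor daemon sit in different trust domains.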
_______________________________________________
tor-dev mailing list -- tor-dev@xxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to tor-dev-leave@xxxxxxxxxxxxxxxxxxxx