Re: [tor-dev] Proposal 228: Cross-certifying identity keys with onion keys



25.02.2014 17:22, Nick Mathewson:
>  You _could_ do something weird in the TAP protocol where you .

do something I don't tell you. ;)

(I saw that this one was caught already)

It should be something like this, in case anyone wonders.

>   (You _could_ do something weird in the TAP protocol where you
>    receive an onionskin that you can't process, relay it to the
>    party who can process it, and receive a valid reply that you
>    could send back to the user.  But this makes you a less effective
>    man-in-the-middle than you would be if you had just generated
>    your own onion key.  The ntor protocol shuts down this
>    possibility by including the router identity in the material to
>    be hashed, so that you can't complete an ntor handshake unless
>    the client agrees with you about what identity goes with your
>    ntor onion key.)

But I think there is another one.

> 4. Performance impact
> 
>    Routers do not generate new descriptors frequently enough for
>    them to need to

worry about performance for this matter. (?)

Or was it something else?

Regards,
Sebastian (bastik)
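
An added example, not part of the original message or of Tor's code: a simplified model of the identity binding that the quoted proposal paragraph attributes to ntor, showing why a reply relayed from the real key holder fails the client's check. It replaces curve25519 with a toy modular Diffie-Hellman so it runs on the standard library, and the relay names R and M, the helper names and the exact field layout are assumptions made for illustration.

```python
import hashlib, hmac, secrets

# Toy Diffie-Hellman over integers mod P: a labelled stand-in for curve25519,
# used only so the example runs offline. Not suitable for real use.
P, G = 2**255 - 19, 2
PROTOID = b"ntor-curve25519-sha256-1"

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def enc(n):
    return n.to_bytes(32, "big")

def H(msg, tweak):
    return hmac.new(tweak, msg, hashlib.sha256).digest()

def auth_tag(dh_eph, dh_onion, ident, B, X, Y):
    # The router identity is part of the hashed material (assumed layout).
    secret_input = (enc(dh_eph) + enc(dh_onion) + ident
                    + enc(B) + enc(X) + enc(Y) + PROTOID)
    verify = H(secret_input, PROTOID + b":verify")
    auth_input = verify + ident + enc(B) + enc(Y) + enc(X) + PROTOID + b"Server"
    return H(auth_input, PROTOID + b":mac")

def server_reply(own_id, b, B, X):
    # The holder of onion key b answers using its own identity.
    y, Y = keypair()
    return Y, auth_tag(pow(X, y, P), pow(X, b, P), own_id, B, X, Y)

def client_accepts(believed_id, B, x, X, Y, auth):
    # The client recomputes the tag with the identity it believes owns B.
    expected = auth_tag(pow(Y, x, P), pow(B, x, P), believed_id, B, X, Y)
    return hmac.compare_digest(expected, auth)

def demo():
    # Constructed identities: R owns onion key B, M merely lists B as its own.
    id_r = hashlib.sha1(b"constructed identity key of relay R").digest()
    id_m = hashlib.sha1(b"constructed identity key of relay M").digest()
    b, B = keypair()                       # R's onion key pair
    x, X = keypair()                       # client's ephemeral key pair
    Y, auth = server_reply(id_r, b, B, X)  # R answers; M can only forward
    honest = client_accepts(id_r, B, x, X, Y, auth)
    relayed = client_accepts(id_m, B, x, X, Y, auth)
    return honest, relayed
```

`demo()` returns whether the client accepts R's reply when it believes the key belongs to R, and whether it accepts the same reply when it believes the key belongs to M.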