[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Proposal 228: Cross-certifying identity keys with onion keys

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] Proposal 228: Cross-certifying identity keys with onion keys
From: "Sebastian G. <bastik.tor>" <bastik.tor@xxxxxxxxxxxxxx>
Date: Sat, 01 Mar 2014 14:22:12 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 01 Mar 2014 08:22:25 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=W1L8RP5K5ZoqBO4Z0bstKUpZ/8b0cNkX4WCSt90p0rY=; b=JqcalDLXsaSf6MNdKN2EOn8df9pg+O+5UgdiH/k84WFVAh8F4XQrhRbkRMwkpmZZo7 jZW8YfO/zXdqpzrBdlUsoBNA7MsIzYBA8ZVT6k5evu0r1b6Xyyi0gHWNZcsf3nTcFUb6 fV3kGstH53S4dxYCQbaEs1ofh8btFcfQRbo87narvAWrNfixljbCqPuigUmvOLawboyE IEMGNxrlhSSiMfUf/2F+tQ+xeGHU2X0YDgVyFkYVDqDe1z8GaPsdFc4apPFUriXmU96o OtRBs5a1J6ElPK9BibSVHpa5JCEbTPBq52ozDHBnfw2TFEUwYJsi8v60A59d0ziZmviw zqVA==
In-reply-to: <CAKDKvuzC4j5OVCULqTZ6DnoQAL0wqqqumLeMeGq4qMb9wHr6Kg@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <CAKDKvuzC4j5OVCULqTZ6DnoQAL0wqqqumLeMeGq4qMb9wHr6Kg@xxxxxxxxxxxxxx>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0

25.02.2014 17:22, Nick Mathewson:
>  You _could_ do something weird in the TAP protocol where you .

do something I don't tell you. ;)

(I saw that this one was caught already)

It should be something like this, in case anyone wonders.

>   (You _could_ do something weird in the TAP protocol where you
>    receive an onionskin that you can't process, relay it to the
>    party who can process it, and receive a valid reply that you
>    could send back to the user.  But this makes you a less effective
>    man-in-the-middle than you would be if you had just generated
>    your own onion key.  The ntor protocol shuts down this
>    possibility by including the router identity in the material to
>    be hashed, so that you can't complete an ntor handshake unless
>    the client agrees with you about what identity goes with your
>    ntor onion key.)

But I think there is another one.

> 4. Performance impact
> 
>    Routers do not generate new descriptors frequently enough for
>    them to need to

worry about performance for this matter. (?)

Or was it something else?

Regards,
Sebastian (bastik)

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] Proposal 228: Cross-certifying identity keys with onion keys
  - From: Nick Mathewson

Prev by Author: Re: [tor-dev] Proposal xxx: Further SOCKS5 extensions (Was Pluggable transport SOCKS5 extensions)
Next by Author: Re: [tor-dev] Some initial analysis on the new "Triple Handshake Attack" and Tor
Previous by thread: Re: [tor-dev] Proposal xxx: Further SOCKS5 extensions (Was Pluggable transport SOCKS5 extensions)
Next by thread: Re: [tor-dev] Proposal 228: Cross-certifying identity keys with onion keys
Index(es):
- Author
- Thread