
Proposal for revised TLS handshake



As some of you may know, there is a plan to make Tor clients more
resistant to being blocked [1]. The first parts of this are already
implemented, and the next step is to make the Tor traffic look more
like HTTPS, so it is hard to block one without blocking the other.

I've been working on a proposal for a new TLS handshake, which is
closer to an HTTP connection than before. Unfortunately we have had to
throw away some nice features of TLS, which Tor needs but HTTPS
doesn't use. So part of the handshake, in particular the client
authentication, has been converted to a custom protocol, inside the
encrypted tunnel.

The draft proposal of the protocol and other issues can be found at:

 http://www.cl.cam.ac.uk/~sjm217/volatile/xxx-tls-certificates.txt

This is in the process of being implemented, so if you have any
comments or suggestions, please do let me know.

Thanks,
Steven.

[1] http://www.torproject.org/svn/trunk/doc/design-paper/blocking.pdf

-- 
w: http://www.cl.cam.ac.uk/users/sjm217/
