[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Proposal 176: Proposed version-3 link handshake for Tor

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] Proposal 176: Proposed version-3 link handshake for Tor
From: Nick Mathewson <nickm@xxxxxxxxxxxx>
Date: Tue, 27 Sep 2011 10:36:14 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 27 Sep 2011 10:36:30 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:content-type :content-transfer-encoding; bh=yTdiCVEeeewLsfg5Pw4nSUR42GeRBQgNzAmARMWkols=; b=JdtO8uKJzd95I79khhQMufNQeAd3sa8Ny9vz81jidpZtOGs57rZAhdy41fxECwTeeX yis6EYLTuwe7iUqmL6y0sKscn8IIPXB4vahGHOGL23TfLAzJb8m3UbUTxk5qMTl5CeZ5 qedRiEjrk9C3n1BSn99N1lIzif+ckNcdYpKHI=
In-reply-to: <CAKDKvuy8aCXKYEeNN2dQsbAkrYohRzVrRRzxohBJ-mCirfVkkA@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-dev>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for discussion by the developers of Tor." <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <AANLkTinQjEz2C9MSyZNWABNMqqJrv9eFdbUY7VnMoAA4@xxxxxxxxxxxxxx> <20110920181314.GU21539@xxxxxxxxxxxxxx> <CAKDKvuy8aCXKYEeNN2dQsbAkrYohRzVrRRzxohBJ-mCirfVkkA@xxxxxxxxxxxxxx>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx

On Wed, Sep 21, 2011 at 1:58 PM, Nick Mathewson <nickm@xxxxxxxxxxxx> wrote:

I'm thinking of a few more tweaks to this proposal, based on implementation.

Here's one:

> I think on reflection that we should change the TLSSECRETS field from
> optional to required in all AUTHENTICATE cells.  Only relays need to
> send it, after all.

Doing this makes us more secure, at the expense of making it a little
harder for now to write a relay using an inflexible TLS library that
you can't change.

Another change: Previously I had said that every server (including
relays and bridges) should send an AUTH_CHALLENGE cell to say "I'd
like authentication".  In fact, that should only apply to relays:
There is never a point in authenticating to a bridge, right?
Similarly, bridges should only authenticate to their clients, not to
the relays that they're extending to.

So here, I think, are the  right behaviors for the possible
interactions in the v3 protocol now:
  Client connects to bridge:
    C->B: VERSIONS
    B->C: VERSIONS, CERT, NETINFO
    C->B: NETINFO
  Client or bridge connects to relay:
    C->R: VERSIONS
    R->C: VERSIONS, CERT, AUTH_CHALLENGE, NETINFO
    C->R: NETINFO
  Relay connects to relay:
    R1->R2: VERSIONS
    R2->R1: VERSIONS, CERT, AUTH_CHALLENGE, NETINFO
    R1->R2: CERT, AUTHENTICATE, NETINFO

-- 
Nick
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

References:
- Re: [tor-dev] Proposal 176: Proposed version-3 link handshake for Tor
  - From: Roger Dingledine
- Re: [tor-dev] Proposal 176: Proposed version-3 link handshake for Tor
  - From: Nick Mathewson

Prev by Author: Re: [tor-dev] Proposal 184: Miscellaneous changes for a v3 Tor link protocol
Next by Author: Re: [tor-dev] Survey on Tor Trac usage and how you manage your tasks
Previous by thread: Re: [tor-dev] Proposal 176: Proposed version-3 link handshake for Tor
Next by thread: [tor-dev] Proposal 184: Miscellaneous changes for a v3 Tor link protocol
Index(es):
- Author
- Thread