
Re: Abusing Root-CA attack on tor



On Thu, Aug 03, 2006 at 10:05:13PM +0400, unknown_x@xxxxxxxxxxxxx wrote:
 [...]
> Directory servers work like a trusted CA (certification
> authority).  The secret key works like a root certificate and belongs to
> the developers (Root CA).  The public part of this key is contained in each
> Tor client or server. Users trust it.

Not quite.  There are multiple directory authorities.  Clients have
the public keys for all of them.  No directory authority is trusted
completely: clients only believe a statement that is made by more than
half of the authorities.

If you want to know how Tor directories work, check out the
dir-spec.txt document.

> Can the developers or owners of the Root CA abuse it to eavesdrop?
> 
> At first look, this is impractical. If the developers start forging keys of
> independent servers and signing them with the Root CA, too many users and servers
> will detect it, switch off from the network and drop the reputation
> of the project. 
> 
> I found another way to make it undetectable.
> 
> 1). Agent Mallory gets the root key of the Tor network from the developers
> (using server hacking, secret stealing, legal sanction, interrogation,
> pressure, etc).

We (the developers) don't have the secret keys to the directory
servers.  The only "root key" here is the one that signs the source
distribution.  But if somebody started putting out fake Tor releases
with modified lists of directory authority public keys, we'd probably
notice that.

Instead we need to assume that Mallory compromises more than half of
the directory authority keys here.  That's not something we try to
defend against, except by trying to make it harder to do: we assume
that if more than half of the authorities are compromised, we lose.


yrs,
-- 
Nick Mathewson

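The majority rule Nick describes, as an added example that is not part of the original thread or of Tor's own code: a client holding every authority's public key believes a statement only when more than half of those authorities have validly signed it, so an attacker holding fewer than a majority of the keys cannot get a forged statement accepted. The key generation, the authority count of nine and the statement text are constructed here; real Tor uses the consensus format in dir-spec.txt rather than this simplified check.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// NewAuthorityKeys generates n fresh key pairs (constructed for this example,
// not Tor's real authority keys). A client ships only the public slice.
func NewAuthorityKeys(n int) ([]ed25519.PublicKey, []ed25519.PrivateKey) {
	pubs, privs := make([]ed25519.PublicKey, n), make([]ed25519.PrivateKey, n)
	for i := 0; i < n; i++ {
		pub, priv, err := ed25519.GenerateKey(rand.Reader)
		if err != nil {
			panic(err)
		}
		pubs[i], privs[i] = pub, priv
	}
	return pubs, privs
}

// Accept is the client-side rule from the reply: believe a statement only if
// it carries valid signatures from more than half of the known authorities. Each
// index counts once; unknown indices and invalid signatures are ignored.
func Accept(pubs []ed25519.PublicKey, statement []byte, sigs map[int][]byte) bool {
	valid := 0
	for idx, sig := range sigs {
		if idx >= 0 && idx < len(pubs) && ed25519.Verify(pubs[idx], statement, sig) {
			valid++
		}
	}
	return valid*2 > len(pubs)
}

// ForgeryAccepted models Mallory holding the first k authority keys and pushing
// a forged statement signed by only those k; true means a client believes it.
func ForgeryAccepted(pubs []ed25519.PublicKey, privs []ed25519.PrivateKey, k int, statement []byte) bool {
	sigs := map[int][]byte{}
	for i := 0; i < k && i < len(privs); i++ {
		sigs[i] = ed25519.Sign(privs[i], statement)
	}
	return Accept(pubs, statement, sigs)
}

func main() {
	pubs, privs := NewAuthorityKeys(9)
	forged := []byte("forged directory statement")
	fmt.Println(ForgeryAccepted(pubs, privs, 4, forged), ForgeryAccepted(pubs, privs, 5, forged)) // false true
}
```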