[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Tcpcrypt and tor
- To: or-talk@xxxxxxxxxxxxx
- Subject: Tcpcrypt and tor
- From: Gregory Maxwell <gmaxwell@xxxxxxxxx>
- Date: Mon, 30 Aug 2010 00:21:29 -0400
- Delivered-to: archiver@xxxxxxxx
- Delivered-to: or-talk-outgoing@xxxxxxxx
- Delivered-to: or-talk@xxxxxxxx
- Delivery-date: Mon, 30 Aug 2010 00:21:36 -0400
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:date:message-id :subject:from:to:content-type; bh=KbjVKj+wKCQhXw9U08A0LSM9oPQUVjGoSCPVRP2CaF0=; b=RWk6eij4D5yK+qFqHzElu04+xmbpq6xSUTmcKOZAIPImRsYebASOrewisuBF0vJYAj O1fxdJ1dcrE30riom0vssh6sPdo+WABwfWd81Gc+yRiiBiyjtuqkvJJCsEGW0uxkAea2 kvaf+DM7yXU7CdObvO8Rt2lKThYabBQXkZFWc=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=RutsdPTLt/kw1UlQ/8PU80Nb/gc9HXgE6ELqPU6xBe2W+XLkaD9r0EZOwGMRHxoKXk bYMSApc2cdkhnphshFqlNRRMnqiSOzRqnAS4OI0esiLOJsOnLIS0eMcJe/hPnbzeCpxA w7Uu/Xb6VHnoPbHEaTSKhkGojYXnRvi43Siog=
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
Tcpcrypt (http://tcpcrypt.org/) proposes a new extension to TCP to
enable opportunistic encryption with optional authentication. From a
features and performance perspective, it's probably exactly what we
need to get away from the almost-everything-in-the-clear Internet that
we have today.
Unfortunately, it won't interact well with tor as tor is today: It's a
TCP level technique and with tor the TCP sessions don't cross the
network. This means it would provide security between an exit and the
destination but not end to end security.
I spent a little time thinking about this and trying to figure out if
there were some socket options that could be added to tcpcrypt in
order to make it run in a purely proxy mode where the data is end to
end encrypted but the TCP still runs on the exit. However, I don't
think this is possible: It integrates deeply with the TCP state
machine. For example, it uses TCP's sequence numbers as the counter
and replay prevention. It also uses TCP retransmission (with it's own
MAC) to deal with forged data.
I don't like the idea that a future layer-3 transport in tor is the
solution to this: Today tor gains a lot of fingerprinting immunity by
isolating the layer 3/4 and it's also nice that the tor software
doesn't need access to weird raw sockets so that it can inject
packets.
So perhaps someone smarter than I can see a way that tor could gain
end to end crypto in a world using tcpcrypt, perhaps with some changes
to tcpcrypt?
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/