[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

one less onion skin

To: or-talk@xxxxxxxxxxxxx
Subject: one less onion skin
From: James Muir <jamuir@xxxxxxxxxxxxxxx>
Date: Tue, 06 Mar 2007 23:11:16 -0500
Delivered-to: archiver@seul.org
Delivered-to: or-talk-outgoing@seul.org
Delivered-to: or-talk@seul.org
Delivery-date: Tue, 06 Mar 2007 23:11:13 -0500
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Thunderbird 1.5.0.9 (X11/20070104)

A typical Tor circuit looks like

OP -- OR1 -- OR2 -- OR3

where the three "--" links are all TLS connections. TLS protects the OP's communications from adversaries outside the network, but another layer of crypto (used inside TLS) is needed to protect them from the onion routers themselves (e.g. we don't want OR1 to learn the identity of OR3). Thus, the onion proxy (OP) negotiates AES keys and MAC keys with each onion router; call the AES keys k_1, k_2, k_3 and MAC keys d_1, d_2, d_3.

My question is this: why bother with k_1 and d_1? the communications between OP and OR1 don't need to be protected from the other onion routers. I understand the reason for using k_2,d_2 and k_3,d_3, but k_1,d_1 doesn't seem to be adding anything.

-James

Follow-Ups:
- Re: one less onion skin
  - From: Paul Syverson
- Re: one less onion skin
  - From: Steve Southam

Prev by Author: TLS HMAC key bit-length
Next by Author: Re: one less onion skin
Previous by thread: Re: Noobie Configuration Questions
Next by thread: Re: one less onion skin
Index(es):
- Author
- Thread