Re: [tor-bugs] #5968 [Tor]: Improve onion key and TLS management (was: Improve onion key management)
#5968: Improve onion key and TLS management
-------------------------+--------------------------------------------------
Reporter: mikeperry | Owner:
Type: enhancement | Status: new
Priority: major | Milestone: Tor: 0.2.5.x-final
Component: Tor | Version:
Keywords: tor-relay | Parent: #5456
Points: | Actualpoints:
-------------------------+--------------------------------------------------
Changes (by mikeperry):
* milestone: Tor: unspecified => Tor: 0.2.5.x-final
Comment:
What if we put a hash of the TLS cert we're using in the current
microdescriptor? Clients could then check that hash during/after TLS
handshake, and simply close+log any mismatches. It seems like we can check
the hash after establishment without issue, so long as it is done before
we try to use the connection for circuits.

Then, so long as relays verify that what they attempt to publish is what
gets signed by the authorities in the consensus, we should have
effectively removed the ability for identity key theft to allow TLS
compromise without the additional theft of the consensus keys.

I am putting this to 0.2.5.x because it seems simple enough, and would be
a huge improvement if we can authenticate TLS in this way. If no one else
is going to take it, I suppose I could try.

Would we be opposed to placing this hash in the microdescriptor? Is there
a better place for it that clients can still somehow see/use?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5968#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
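The client-side check proposed in the comment above, sketched as an added example that is not part of the original message and is not Tor's code: the connection stays unusable for circuits until the digest of the certificate seen in the handshake matches the one carried in the microdescriptor. The `tls-cert-sha256` keyword, the choice of SHA-256, the `ORConn` class and the fail-closed handling of a missing or malformed line are all assumptions.

```python
import base64, hashlib, hmac, logging

log = logging.getLogger("orconn")
PIN_KEYWORD = "tls-cert-sha256"  # hypothetical keyword; the ticket defines none

def parse_pin(microdesc: str):
    """Return the pinned 32-byte digest, or None if the line is absent."""
    for line in microdesc.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] == PIN_KEYWORD:
            b64 = parts[1]  # unpadded base64 assumed; restore padding
            raw = base64.b64decode(b64 + "=" * (-len(b64) % 4), validate=True)
            if len(raw) != hashlib.sha256().digest_size:
                raise ValueError("pinned digest has wrong length")
            return raw
    return None

class ORConn:
    """Link connection that cannot carry circuits until its cert is checked."""
    def __init__(self, peer_cert_der: bytes):
        self.peer_cert_der = peer_cert_der  # DER cert seen in the TLS handshake
        self.state = "handshaked"           # becomes "open" or "closed"

    def check_pin(self, microdesc: str) -> bool:
        seen = hashlib.sha256(self.peer_cert_der).digest()
        try:
            pin = parse_pin(microdesc)
        except ValueError:                  # malformed base64 or wrong length
            pin = None
        # Assumed policy: a missing or malformed pin fails closed.
        if pin is not None and hmac.compare_digest(pin, seen):
            self.state = "open"
            return True
        log.warning("TLS cert hash check failed; closing (saw %s)", seen.hex())
        self.state = "closed"
        return False

    def create_circuit(self) -> str:
        # The check must have passed before the link is used for circuits.
        if self.state != "open":
            raise RuntimeError("connection not authenticated for circuits")
        return "circuit-created"

def make_microdesc(cert_der: bytes) -> str:
    """Constructed sample descriptor text carrying the digest of cert_der."""
    d = base64.b64encode(hashlib.sha256(cert_der).digest()).decode().rstrip("=")
    return f"onion-key\n{PIN_KEYWORD} {d}\n"
```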