[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #5968 [Tor]: Improve onion key and TLS management (was: Improve onion key management)

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #5968 [Tor]: Improve onion key and TLS management (was: Improve onion key management)
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Wed, 10 Apr 2013 00:02:28 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 09 Apr 2013 20:02:37 -0400
In-reply-to: <049.f47df7abd8ea940c858f8dd249532f19@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <049.f47df7abd8ea940c858f8dd249532f19@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#5968: Improve onion key and TLS management
-------------------------+--------------------------------------------------
 Reporter:  mikeperry    |          Owner:                    
     Type:  enhancement  |         Status:  new               
 Priority:  major        |      Milestone:  Tor: 0.2.5.x-final
Component:  Tor          |        Version:                    
 Keywords:  tor-relay    |         Parent:  #5456             
   Points:               |   Actualpoints:                    
-------------------------+--------------------------------------------------
Changes (by mikeperry):

  * milestone:  Tor: unspecified => Tor: 0.2.5.x-final


Comment:

 What if we put a hash of the TLS cert we're using in the current
 microdescriptor? Clients could then check that hash during/after TLS
 handshake, and simply close+log any mismatches. It seems like we can check
 the hash after establishment without issue, so long as it is done before
 we try to use the connection for circuits.

 Then, so long as relays verify that what they attempt to publish is what
 gets signed by the authorities in the consensus, we should have
 effectively removed the ability for identity key theft to allow TLS
 compromise without the additional theft of the consensus keys.

 I am putting this to 0.2.5.x because it seems simple enough, and would be
 a huge improvement if we can authenticate TLS in this way. If no one else
 is going to take it, I suppose I could try.

 Would we be opposed to placing this hash in the microdescriptor? Is there
 a better place for it that clients can still somehow see/use?

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5968#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #7061 [Flashproxy]: Investigate a wordpress.COM solution
Next by Author: Re: [tor-bugs] #8673 [Flashproxy]: host a flashproxy-reg-url on s3.amazonaws.com
Previous by thread: Re: [tor-bugs] #7061 [Flashproxy]: Investigate a wordpress.COM solution
Next by thread: Re: [tor-bugs] #7160 [Flashproxy]: Move facilitator to a neutral dedicated domain
Index(es):
- Author
- Thread