[tor-bugs] #9499 [BridgeDB]: BridgeDB should hand out identity fingerprints
#9499: BridgeDB should hand out identity fingerprints
-----------------------+----------------------------------------------------
Reporter: mikeperry | Owner:
Type: defect | Status: new
Priority: normal | Milestone:
Component: BridgeDB | Version:
Keywords: path-bias | Parent:
Points: | Actualpoints:
-----------------------+----------------------------------------------------
Once we deprecate Vidalia fully and switch to Tor Launcher, nothing should
be in the way of handing out identity hex keys for bridges. Well, nothing
except #9445 (which if it comes down to it, I can fix quickly myself).
It is important to hand out these fingerprints because it mitigates path
bias/route capture attacks. Without the identity fingerprint, a firewall
could potentially MITM the bridge connection for purposes of unwrapping
TLS, in order to see the Tor cell headers and bitstomp/tag cells to
control circuit destinations and deanonymize users. We have detectors for
these attacks in place, but they can't be enforced yet because of the
highly variable rate of CPU overload/circuit failure on the network. Other
solutions to bitstomping (like wide-block ciphers) will also mitigate
these attacks, but they are a long ways off.
With the identity fingerprint, the TLS links will be authenticated (our
TLS connections use the identity key to sign a short-lived TLS link key).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9499>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
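As an added illustration of the property the ticket is asking for (this is not code from the ticket, from BridgeDB or from tor), the following Python model shows why a bridge line without a fingerprint cannot detect a substituted identity, while a pinned fingerprint rejects it. The bridge-line syntax (`Bridge addr:port [fingerprint]`) and the fingerprint definition (uppercase hex SHA-1 of the DER-encoded identity key) are Tor's real conventions; the "identity key" byte strings, addresses and the `accept_link`/`run_scenarios` helpers are constructed for the example. Tor additionally checks that the identity key has signed the short-lived TLS link key, which needs real RSA and is only noted in a comment here.

```python
import hashlib
import re

# Bridge lines: "Bridge <addr>:<port> [<40-hex identity fingerprint>]".
# The fingerprint is optional in the syntax, which is exactly the gap the
# ticket describes: BridgeDB lines without it leave the client unable to pin.
BRIDGE_LINE_RE = re.compile(
    r"^Bridge\s+(?P<addr>\S+):(?P<port>\d{1,5})"
    r"(?:\s+(?P<fp>[0-9A-Fa-f]{40}))?\s*$"
)

# Constructed stand-ins for DER-encoded RSA identity keys (not real keys).
HONEST_KEY = b"constructed DER bytes: honest bridge identity key"
MITM_KEY = b"constructed DER bytes: identity key substituted by a firewall"


def fingerprint_of(identity_key_der):
    """Tor relay fingerprint: SHA-1 of the DER identity key, uppercase hex."""
    return hashlib.sha1(identity_key_der).hexdigest().upper()


def parse_bridge_line(line):
    """Parse a torrc Bridge line into addr, port and optional fingerprint."""
    m = BRIDGE_LINE_RE.match(line.strip())
    if not m:
        raise ValueError("not a bridge line: %r" % line)
    fp = m.group("fp")
    return {
        "addr": m.group("addr"),
        "port": int(m.group("port")),
        "fingerprint": fp.upper() if fp else None,
    }


def accept_link(bridge, presented_identity_key):
    """Client-side decision once the peer has presented its identity key.

    Returns (accepted, reason). Real tor also verifies that this identity
    key signed the ephemeral TLS link key; that step is assumed to have
    passed here, since a MITM presenting its own identity can sign its own
    link key. Only the pin distinguishes the two cases.
    """
    presented_fp = fingerprint_of(presented_identity_key)
    pinned_fp = bridge["fingerprint"]
    if pinned_fp is None:
        # No fingerprint in the bridge line: any identity is accepted, so a
        # firewall unwrapping TLS is indistinguishable from the real bridge.
        return True, "no fingerprint pinned; identity %s accepted unverified" % presented_fp
    if presented_fp != pinned_fp:
        return False, "identity mismatch: pinned %s, presented %s" % (pinned_fp, presented_fp)
    return True, "identity %s matches pinned fingerprint" % presented_fp


# Constructed bridge lines: one as BridgeDB hands them out today (no
# fingerprint), one as the ticket proposes (fingerprint included).
UNPINNED_LINE = "Bridge 192.0.2.10:443"
PINNED_LINE = "Bridge 192.0.2.10:443 " + fingerprint_of(HONEST_KEY)


def run_scenarios():
    """Try honest and substituted identities against both bridge lines."""
    unpinned = parse_bridge_line(UNPINNED_LINE)
    pinned = parse_bridge_line(PINNED_LINE)
    return {
        "unpinned_honest": accept_link(unpinned, HONEST_KEY)[0],
        "unpinned_mitm": accept_link(unpinned, MITM_KEY)[0],
        "pinned_honest": accept_link(pinned, HONEST_KEY)[0],
        "pinned_mitm": accept_link(pinned, MITM_KEY)[0],
    }


if __name__ == "__main__":
    for name, accepted in run_scenarios().items():
        print("%-16s %s" % (name, "accepted" if accepted else "REJECTED"))
```

Running it shows the unpinned line accepting both the honest key and the substituted one, while the pinned line accepts only the honest key; the rejection in the last case is the detection the ticket says is currently impossible without fingerprints in BridgeDB's output.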