[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #18221 [Tor]: Validate our DH parameters to prevent socat-type fails.

Subject: Re: [tor-bugs] #18221 [Tor]: Validate our DH parameters to prevent socat-type fails.
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Thu, 04 Feb 2016 11:44:02 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 04 Feb 2016 06:44:12 -0500
In-reply-to: <047.2b4d3efca5a1426702d8557c8415da5b@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <047.2b4d3efca5a1426702d8557c8415da5b@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#18221: Validate our DH parameters to prevent socat-type fails.
-----------------------------+------------------------------------
 Reporter:  yawning          |          Owner:
     Type:  enhancement      |         Status:  needs_review
 Priority:  Medium           |      Milestone:  Tor: 0.2.8.x-final
Component:  Tor              |        Version:  Tor: unspecified
 Severity:  Normal           |     Resolution:
 Keywords:  tor-core crypto  |  Actual Points:
Parent ID:                   |         Points:
  Sponsor:                   |
-----------------------------+------------------------------------

Comment (by yawning):

 Replying to [comment:4 cypherpunks]:
 > If the threat is the former, why is it necessary to perform the check on
 every startup? Isn't a build-time unit test sufficient?

 Was my phrasing overly idiomatic?  More still means both...

 The test is dirt cheap as long as it won't be done on every TLS connection
 (and it isn't, just once during initialization).  It could be moved to the
 unit test code, but that involves exposing the currently opaque
 `crypto_dh_t` internals, which doesn't feel great since there's zero
 reason for the internals of the struct to be visible.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18221#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #18221 [Tor]: Validate our DH parameters to prevent socat-type fails.
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #18171 [Tor Browser]: Dlls brokenness with Windows10 Build 14251
Next by Author: Re: [tor-bugs] #18171 [Tor Browser]: Dlls brokenness with Windows10 Build 14251
Previous by thread: Re: [tor-bugs] #18221 [Tor]: Validate our DH parameters to prevent socat-type fails.
Next by thread: Re: [tor-bugs] #18221 [Tor]: Validate our DH parameters to prevent socat-type fails.
Index(es):
- Author
- Thread