[tor-bugs] #22945 [Obfuscation/Snowflake]: End-to-end confidentiality for Snowflake client registrations
#22945: End-to-end confidentiality for Snowflake client registrations
---------------------------------------+-----------------
Reporter: dcf | Owner:
Type: enhancement | Status: new
Priority: Medium | Milestone:
Component: Obfuscation/Snowflake | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
---------------------------------------+-----------------
Client requests sent to the /client broker endpoint use TLS to the front
domain, and TLS from the front to the broker, but the fronting service
itself (e.g. App Engine) can inspect them in plaintext. The fronting
service unavoidably gets to learn the IP addresses of clients, but we
could encrypt the additional metadata that appears in the registration
messages.
I was thinking of giving the broker a private key and wrapping client registrations in a [https://godoc.org/golang.org/x/crypto/nacl/box NaCl box].
This is roughly how it worked in flash proxy. The facilitator had a
private RSA key, and client registration methods were encrypted before
being posted to the facilitator.
https://gitweb.torproject.org/flashproxy.git/tree/facilitator/facilitator.cgi?id=1.4#n60
The actual key material was isolated into a facilitator-reg-daemon process
that was separated from the web server and facilitator CGI:
https://gitweb.torproject.org/flashproxy.git/tree/facilitator/facilitator-reg-daemon?id=1.4
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22945>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
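The sealed-registration pattern the ticket proposes (client encrypts to a long-term broker public key with a fresh ephemeral key, so the fronting service sees only an opaque blob) is shown below as an added example. It is not code from the ticket or from the Snowflake project. The real proposal uses a NaCl box (X25519 plus XSalsa20-Poly1305); to stay within the Go standard library this example substitutes AES-256-GCM keyed from an X25519 agreement hashed with SHA-256, which is the same shape but not the same primitive. The wire layout (ephemeral public key, nonce, ciphertext), the domain-separation label and the JSON registration body are all constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Constructed wire layout: ephemeral X25519 public key || GCM nonce || ciphertext+tag.
const (
	pubKeySize = 32
	nonceSize  = 12
)

// GenerateBrokerKey creates the broker's long-term X25519 key pair. Following
// the flash proxy design, the private half would live in an isolated process
// and only the public half would be shipped to clients.
func GenerateBrokerKey() (*ecdh.PrivateKey, error) {
	return ecdh.X25519().GenerateKey(rand.Reader)
}

// deriveKey turns the raw X25519 shared secret into an AES-256 key. Both public
// keys and a label are mixed in so the key is bound to this sender/recipient
// pair and this protocol. HKDF would be the usual choice; a single SHA-256 is
// used here only to avoid non-standard-library dependencies.
func deriveKey(shared, ephPub, brokerPub []byte) []byte {
	h := sha256.New()
	h.Write([]byte("snowflake-registration-example")) // constructed label
	h.Write(shared)
	h.Write(ephPub)
	h.Write(brokerPub)
	return h.Sum(nil)
}

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealRegistration is the client side: a fresh ephemeral key per registration,
// so the front learns the client IP (unavoidable) but not the registration body.
func SealRegistration(brokerPub *ecdh.PublicKey, plaintext []byte) ([]byte, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	shared, err := eph.ECDH(brokerPub)
	if err != nil {
		return nil, err
	}
	ephPubBytes := eph.PublicKey().Bytes()
	aead, err := newAEAD(deriveKey(shared, ephPubBytes, brokerPub.Bytes()))
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, nonceSize)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	out := append([]byte{}, ephPubBytes...)
	out = append(out, nonce...)
	// The ephemeral public key is authenticated as associated data, so a front
	// that swaps it cannot go unnoticed.
	return aead.Seal(out, nonce, plaintext, ephPubBytes), nil
}

// OpenRegistration is the broker side: redo the agreement with the long-term
// private key and verify the tag. Any modification in transit yields an error.
func OpenRegistration(brokerPriv *ecdh.PrivateKey, sealed []byte) ([]byte, error) {
	if len(sealed) < pubKeySize+nonceSize {
		return nil, errors.New("sealed registration too short")
	}
	ephPubBytes := sealed[:pubKeySize]
	nonce := sealed[pubKeySize : pubKeySize+nonceSize]
	ct := sealed[pubKeySize+nonceSize:]
	ephPub, err := ecdh.X25519().NewPublicKey(ephPubBytes)
	if err != nil {
		return nil, err
	}
	shared, err := brokerPriv.ECDH(ephPub)
	if err != nil {
		return nil, err
	}
	aead, err := newAEAD(deriveKey(shared, ephPubBytes, brokerPriv.PublicKey().Bytes()))
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, nonce, ct, ephPubBytes)
}

func main() {
	broker, _ := GenerateBrokerKey()
	reg := []byte(`{"type":"client","offer":"constructed-sdp-offer"}`) // constructed body
	sealed, _ := SealRegistration(broker.PublicKey(), reg)
	got, err := OpenRegistration(broker, sealed)
	fmt.Printf("sealed %d bytes; broker recovered %q (err=%v)\n", len(sealed), got, err)
}
```

The broker never needs the client's identity to decrypt, and nothing in the sealed blob is reusable across registrations, so a front that records traffic gets only ephemeral keys and ciphertext. The same structure would hold with `box.Seal`/`box.Open` from `golang.org/x/crypto/nacl/box`, which also authenticates the sender's (ephemeral) key.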