Re: [tor-bugs] #14937 [Tor Browser]: Get meek working in Tor Circuit Display
#14937: Get meek working in Tor Circuit Display
---------------------------+-----------------------------------------------
Reporter: arthuredelstein  | Owner: arthuredelstein
Type: defect               | Status: assigned
Priority: normal           | Milestone:
Component: Tor Browser     | Version:
Resolution:                | Keywords: tbb-circuit-display, tbb-usability,
                           |   tbb-4.5-alpha, TorBrowserTeam201503
Actual Points:             | Parent ID:
Points:                    |
---------------------------+-----------------------------------------------
Changes (by mikeperry):
* owner: tbb-team => arthuredelstein
* status: needs_information => assigned
Comment:
So I spoke with dcf, and explained that we want to include the node
fingerprint due to tagging attacks -
https://lists.torproject.org/pipermail/tor-dev/2012-March/003347.html. The
node fingerprint is the only thing that currently authenticates the link
to the first hop, and without it an adversary that can intercept the
connection from the CDN to the bridge (or that can MITM TLS from the
client to the domain front) is able to unwrap the Tor TLS and perform
tagging. Due to the use of AES-CTR without a per-hop MAC, four hops would
not mitigate this attack.

dcf seemed amenable to providing meek fingerprints because of this. We
also discussed how we might update if there is a need to change.
Basically, we would just spin up the meek front on a new IP+port (though
this may become tricky for CDNs that only allow port 443).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14937#comment:17>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
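
Added example (not part of the original message and not Tor's code): a toy model of layered counter-mode encryption showing why extra hops do not remove a modification made on an unauthenticated first link, while a per-hop MAC (a hypothetical variant here) rejects it at the first relay. The SHA-256 keystream stands in for AES-CTR; the hop keys, CELL and MARK are constructed values.

```python
import hashlib
import hmac

def keystream(key: bytes, n: int) -> bytes:
    # Stand-in for AES-CTR (assumption): SHA-256(key || counter), same XOR structure.
    blocks = (hashlib.sha256(key + i.to_bytes(8, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def ctr_layer(key: bytes, data: bytes) -> bytes:
    return xor(data, keystream(key, len(data)))   # encrypt == decrypt

def wrap(keys, cell):          # client adds one layer per hop
    for k in reversed(keys):
        cell = ctr_layer(k, cell)
    return cell

def unwrap(keys, cell):        # each hop strips its layer, no integrity check
    for k in keys:
        cell = ctr_layer(k, cell)
    return cell

def mac_wrap(keys, cell):      # hypothetical variant: HMAC over every layer
    for k in reversed(keys):
        ct = ctr_layer(k, cell)
        cell = ct + hmac.digest(b"mac" + k, ct, "sha256")  # example-only MAC key
    return cell

def mac_unwrap(keys, cell):    # (plaintext, None) or (None, index of rejecting hop)
    for i, k in enumerate(keys):
        ct, mac = cell[:-32], cell[-32:]
        if not hmac.compare_digest(mac, hmac.digest(b"mac" + k, ct, "sha256")):
            return None, i
        cell = ctr_layer(k, ct)
    return cell, None

CELL = b"constructed sample relay payload"    # constructed input
MARK = b"\xff" + bytes(len(CELL) - 1)          # bits altered on the first link

def mark_survives(n_hops: int) -> bool:
    keys = [bytes([i + 1]) * 16 for i in range(n_hops)]
    return xor(unwrap(keys, xor(wrap(keys, CELL), MARK)), CELL) == MARK

def mac_rejecting_hop(n_hops: int):
    keys = [bytes([i + 1]) * 16 for i in range(n_hops)]
    wire = mac_wrap(keys, CELL)
    return mac_unwrap(keys, xor(wire, MARK + bytes(len(wire) - len(MARK))))[1]
```

mark_survives() is true for any hop count, because every layer is an XOR and the altered bits pass through each one unchanged; mac_rejecting_hop() returns 0, meaning the first relay drops the cell.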