[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #5578 [Flashproxy]: Investigate WebRTC for flash proxy NAT punching

Subject: Re: [tor-bugs] #5578 [Flashproxy]: Investigate WebRTC for flash proxy NAT punching
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Thu, 28 Nov 2013 18:27:58 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 28 Nov 2013 13:27:57 -0500
In-reply-to: <043.48fae9e0746ec2f74d5fe2bbd91f95bb@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <043.48fae9e0746ec2f74d5fe2bbd91f95bb@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#5578: Investigate WebRTC for flash proxy NAT punching
----------------------------+-----------------
     Reporter:  dcf         |      Owner:  dcf
         Type:  task        |     Status:  new
     Priority:  normal      |  Milestone:
    Component:  Flashproxy  |    Version:
   Resolution:              |   Keywords:
Actual Points:              |  Parent ID:
       Points:              |
----------------------------+-----------------

Comment (by infinity0):

 Continuing from the above, the following option probably would not require
 any changes to the ICE authentication code, nor the facilitator to have
 another certification key (nor to use the existing encryption key for
 certification) - but it does assume the existence of a fully-known
 confidential channel between the facilitator and the browser proxy (i.e.
 not SSL with x509).

 1. the client, L, generates a secret key K(R) and sends it to the
 facilitator in an encrypted client registration. this means only the
 facilitator can read K(R).
 2. when the facilitator picks a proxy, R, to serve L, it gives it K(R) via
 the confidential channel. now only the facilitator and the proxy can read
 K(R).
 3. R then uses K(R) as the authentication key for ICE as normal. no
 changes to normal ICE authentication are needed.
 4. L assumes that the facilitator works honestly, and that no-one else can
 read K(R) in transit, due to the confidential channel.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5578#comment:24>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #10134 [Obfsproxy]: Create bananaphone transport for obfsproxy
Next by Author: Re: [tor-bugs] #10243 [Obfsproxy]: obfsproxy transports should choose which options are passed to BridgeDB
Previous by thread: Re: [tor-bugs] #5578 [Flashproxy]: Investigate WebRTC for flash proxy NAT punching
Next by thread: [tor-bugs] #10240 [Obfsproxy]: Additional unit tests for obfsproxy/test/test_socks.py
Index(es):
- Author
- Thread