Re: [tor-bugs] #988 [Tor Relay]: Different TLS certs for incoming vs outgoing
#988: Different TLS certs for incoming vs outgoing
--------------------------+-------------------------------------------------
Reporter: arma | Type: enhancement
Status: needs_review | Priority: minor
Milestone: post 0.2.1.x | Component: Tor Relay
Version: 0.2.0.34 | Resolution: None
Keywords: | Parent:
--------------------------+-------------------------------------------------
Changes (by nickm):
* status: new => needs_review
Old description:
> We should learn to present different TLS certs for incoming connections
> vs outgoing connections.
>
> The motivating example is bridges. They want to show the same identity
> to people who connect, yet behave like clients when they connect to other
> relays (e.g. change keys when they change IP addresses).
>
> (Of course, this change would provide a new way to test for bridges: if a
> Tor connects to you, connect back and see if the cert is different. But at
> least that's an active test that requires the bridge to connect to you
> first. But then, the attack I describe above only kicks in when the bridge
> connects to you. Hm.)
>
> [Automatically added by flyspray2trac: Operating System: All]
New description:
We should learn to present different TLS certs for incoming connections
vs outgoing connections.

The motivating example is bridges. They want to show the same identity
to people who connect, yet behave like clients when they connect to other
relays (e.g. change keys when they change IP addresses).

(Of course, this change would provide a new way to test for bridges: if a
Tor connects to you, connect back and see if the cert is different. But at
least that's an active test that requires the bridge to connect to you
first. But then, the attack I describe above only kicks in when the bridge
connects to you. Hm.)

[Automatically added by flyspray2trac: Operating System: All]
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/988#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs