[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #7139 [Tor]: Tor involuntarily sets TLS session tickets

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #7139 [Tor]: Tor involuntarily sets TLS session tickets
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Thu, 18 Oct 2012 13:16:11 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 18 Oct 2012 09:16:04 -0400
In-reply-to: <048.2469f03be6b81a0b6eca162328da2fe9@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <048.2469f03be6b81a0b6eca162328da2fe9@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#7139: Tor involuntarily sets TLS session tickets
-----------------------------------+----------------------------------------
    Reporter:  nextgens            |        Type:  defect                        
      Status:  needs_review        |    Priority:  major                         
   Milestone:  Tor: 0.2.2.x-final  |   Component:  Tor                           
     Version:                      |    Keywords:  tor-relay ssl tls security pfs
      Parent:                      |      Points:                                
Actualpoints:                      |  
-----------------------------------+----------------------------------------

Comment(by nickm):

 Hm.  So, I buy the "more attack surface than necessary" argument as a
 reason to put it in 0.2.3 and later, but I don't think the swapping
 argument necessarily holds water.

 If we're worried about the key material getting used to encrypt tickets
 getting swapped out to disk, we also need to worry about the session key
 material getting swapped out, surely.  If you're swapping and your swap
 isn't encrypted, I don't think you get PFS guarantees.

 I could be missing something crucial there--am I?

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7139#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #7139 [Tor]: Tor involuntarily sets TLS session tickets
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #7066 [Tor]: Guard disablement by path-bias detector must be disabled or removed
Next by Author: Re: [tor-bugs] #6196 [Tor Sysadmin Team]: Copy Apache logs to stenodon
Previous by thread: Re: [tor-bugs] #7139 [Tor]: Tor involuntarily sets TLS session tickets
Next by thread: Re: [tor-bugs] #7139 [Tor]: Tor involuntarily sets TLS session tickets
Index(es):
- Author
- Thread