Re: [tor-bugs] #7189 [Tor]: Disabling TLS tickets makes us look unlike firefox
#7189: Disabling TLS tickets makes us look unlike firefox
----------------------------+-----------------------------------------------
Reporter: nickm | Owner:
Type: defect | Status: new
Priority: major | Milestone: Tor: 0.2.3.x-final
Component: Tor | Version:
Keywords: tor-client tls | Parent:
Points: | Actualpoints:
----------------------------+-----------------------------------------------
Comment(by nickm):
Replying to [comment:1 arma]:
> Replying to [ticket:7189 nickm]:
> > This is a nontrivial decision to make. If a client says that it
> > supports TLS tickets, and it is talking to an older Tor server that hasn't
> > disabled them, it will get degraded PFS. But if a client doesn't say it
> > supports TLS tickets, it will apparently be more distinguishable.
>
> I'm not too worried about older Tors -- they will become more scarce
> over time.
So the question is whether they should be allowed to delay clients
getting good fast PFS. If we keep tickets out of client connections, then
clients who have a new Tor get fast PFS on 100% of their TLS connections
right away; and other clients get PFS on U of their TLS connections, where
U is the fraction of Tor nodes that have upgraded. Node-to-node TLS has
PFS with probability 1-(1-U)^2.

But if we put tickets back in Tor servers, then all clients get fast PFS
on U of their TLS connections, and node-to-node TLS has PFS with
probability U.

One other option to think about is to make this change, but make it later,
once more servers have upgraded. We can't make this change in a consensus
parameter, though, since that would force us to change our behavior on the
fly.

We could probably help the network by having relays turn tickets off
unconditionally, so that node-to-node TLS gets fast PFS if either peer is
upgraded.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7189#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
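The probabilities nickm gives above (100% / U / 1-(1-U)^2 for the first option, U / U for the second, and "PFS if either peer is upgraded" for relays that refuse tickets unconditionally) follow from one rule: a session ticket is negotiated only when the TLS client offers the extension and the TLS server accepts it, and a ticketed session is the one that loses fast PFS. The model below is an added illustration written for this page, not code from Tor or from the ticket; the policy names, the `client_offers`/`relay_offers`/`relay_accepts` fields and the reading of the second option as "upgraded clients advertise tickets, upgraded relays still refuse them" are my assumptions, and non-upgraded ("old") Tors are assumed to always offer and accept tickets.

```python
from fractions import Fraction

# Model assumption (mine, following the ticket's framing): a TLS session that
# negotiates a session ticket loses fast PFS, so a connection keeps fast PFS
# exactly when no ticket is negotiated. A ticket is negotiated only if the TLS
# client offers the extension AND the TLS server accepts it.

# Assumed behaviour of a non-upgraded ("old") Tor: offers and accepts tickets.
OLD = {"offers": True, "accepts": True}

# Assumed behaviour of an *upgraded* Tor under each candidate policy.
#   client_offers: a Tor client (TLS client) advertises the ticket extension
#   relay_offers:  a relay, when it is the TLS client of a node-to-node link
#   relay_accepts: a relay, as TLS server, issues/accepts tickets
# Policy names are placeholders chosen for this example.
POLICIES = {
    # Option 1 in the ticket: tickets kept out of client connections entirely.
    "tickets_out_of_clients":       {"client_offers": False, "relay_offers": False, "relay_accepts": False},
    # Option 2: clients advertise tickets (Firefox-like); upgraded relays refuse them.
    "clients_advertise_tickets":    {"client_offers": True,  "relay_offers": True,  "relay_accepts": False},
    # Option 3: clients advertise tickets, but relays turn them off unconditionally.
    "clients_advertise_relays_off": {"client_offers": True,  "relay_offers": False, "relay_accepts": False},
}


def fast_pfs(client_offers, server_accepts):
    """True when the connection keeps fast PFS, i.e. no ticket is negotiated."""
    return not (client_offers and server_accepts)


def client_pfs_fraction(policy, client_upgraded, U):
    """Fraction of a client's TLS connections with fast PFS when a fraction U
    of relays has upgraded. The server is an upgraded relay with probability U
    and an old relay with probability 1-U."""
    p = POLICIES[policy]
    offers = p["client_offers"] if client_upgraded else OLD["offers"]
    return (U * fast_pfs(offers, p["relay_accepts"])
            + (1 - U) * fast_pfs(offers, OLD["accepts"]))


def node_to_node_pfs_fraction(policy, U):
    """Fraction of relay-to-relay links with fast PFS; both endpoints are drawn
    independently from a population in which a fraction U has upgraded."""
    p = POLICIES[policy]
    total = Fraction(0)
    for client_up, client_w in ((True, U), (False, 1 - U)):
        for server_up, server_w in ((True, U), (False, 1 - U)):
            offers = p["relay_offers"] if client_up else OLD["offers"]
            accepts = p["relay_accepts"] if server_up else OLD["accepts"]
            total += client_w * server_w * fast_pfs(offers, accepts)
    return total


if __name__ == "__main__":
    # Constructed sample upgrade fractions, exact arithmetic via Fraction.
    for U in (Fraction(1, 10), Fraction(1, 4), Fraction(1, 2), Fraction(9, 10)):
        print(f"U = {U}")
        for name in POLICIES:
            print(f"  {name:30s} new client {client_pfs_fraction(name, True, U)!s:>5} "
                  f"old client {client_pfs_fraction(name, False, U)!s:>5} "
                  f"node-to-node {node_to_node_pfs_fraction(name, U)!s:>6}")
```

Running it reproduces the comment's figures: under the first policy a new client is at 1, an old client at U and relay links at 1-(1-U)^2; under the second every client and every relay link drops to U; under the third clients stay at U but relay links return to 1-(1-U)^2, which is the "help the network" effect of relays refusing tickets on both sides of a node-to-node connection.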
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs