[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Alternative directory format for v3 client auth

To: Suphanat Chunhapanya <haxx.pop@xxxxxxxxx>, David Goulet <dgoulet@xxxxxxxxxx>
Subject: Re: [tor-dev] Alternative directory format for v3 client auth
From: George Kadianakis <desnacked@xxxxxxxxxx>
Date: Wed, 08 Aug 2018 19:25:22 +0300
Cc: tor-dev@xxxxxxxxxxxxxxxxxxxx
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 08 Aug 2018 12:25:40 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1533745526; bh=O3H75rzOSzWcXdUjUQLaCkSYJ2gkYALL45zSH7G9bd4=; h=From:To:Cc:Subject:In-Reply-To:References:Date:From; b=rVpvwXDjBQEu2rxxL8z68Nd+dcXi2sH3dMuL5RFzuRdbsJDMeVhVA9fI8Sdw+9Xrh 8EFu3dHELc3P5QIFGm1VgYNz9zM8b8J3sD1gWDNA9mCrqCS4mfnL2s9mJihohpCJp6 lhSzdfRsEOVDO9oZzu6LYcTSajDZ3uQ6+k/JwD/o=
In-reply-to: <871scax6hy.fsf@riseup.net>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <871scax6hy.fsf@riseup.net>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

George Kadianakis <desnacked@xxxxxxxxxx> writes:

> Hello haxxpop and David,
>
> here is a patch with an alternative directory format for v3 client auth
> crypto key bookkeeping as discussed yesterday on IRC:
>        https://github.com/torproject/torspec/pull/23
>
> Thanks for making me edit the spec because it made me think of various
> details that had to be thought of.

Hello again,

there have been many discussions about client auth since that last email
a month ago. Here is a newer branch that we want to get merged so that
we proceed with implementation: https://github.com/torproject/torspec/pull/33

The first commit is the same as in the original post, and all subsequent
commits are improvements on top of it.

Here are a few high-level changes that were made after discussion:

- Ditched intro auth for now, since descriptor auth is sufficient for
  our threat model, and trying to support two different auth types would
  complicate things.

- Opted for a KISS design for now where we don't ask Tor to generate
  client auth keys neither on the client side or on the service side.
  For now we assume that client/service-side generated their keys with
  an external tool, and we will build such tools in the future, instead
  of spending too much time bikeshedding about it right now.

- Client auth is enabled if the client auth directory is populated with
  the right files, instead of relying on torrc switches etc.

Furthermore, the last three commits are quick mainly-cosmetic changes I
did alone before posting this here. Inform me if you don't like those.

I'll let this simmer here for a few days before merging it in torspec.
Let me know if you have questions! Thanks for reading!

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] Alternative directory format for v3 client auth
  - From: George Kadianakis

Prev by Author: Re: [tor-dev] Archiving old Components in Trac
Next by Author: Re: [tor-dev] Reviewing Trac #18642 (Teach the OOM handler about the DNS cache)
Previous by thread: [tor-dev] Tor Browser for arm64/v8 on RPi3
Next by thread: Re: [tor-dev] Alternative directory format for v3 client auth
Index(es):
- Author
- Thread