[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: nit-picky spec questions about connection protocol please....



On Thu, Jan 04, 2007 at 08:52:23PM -0500, chris@xxxxxxxxxxxx wrote:
> On Wed, Jan 03, 2007 at 03:06:59PM -0500, Nick Mathewson wrote:
> > The certificate with the short term connection key is signed by the
> > identity key.
> >
> > > * Are all the aforementioned certs and keys mentioned above sent in
> > > 'cells'?  Which cell types?  This was not specified.
> >
> > No.  This is part of the TLS handshake.  I'll try to make that clear
> > if I can.
> 
> >From what I know about TLS (I'm not a TLS expert.)...
> The communication of the short term (RSA) connection key in a cert is not
> really part of the TLS Handshake Protocol right?  The TLS Handshake Protocol
> *just* uses identity (RSA public) keys to establish a symmetric session key
> between a client and server right? ...Unless the TLS Handshake Protcol allows
> peers to send additional info to each other as part of TLS I don 't
> know about?

TLS is specified in RFC2246.  Check out sections 7.4.2 and sections
7.4.7 to learn how certificate chain is indeed a part of the TLS
protocol.

Also, consider Eric Rescorla's _SSL and TLS_: it's a good introduction
to the format in the protocol, and although it doesn't spell
everything out in as much detail as the RFC, it might be easier
reading.

> 
> (Also, since EVERY connection needs to generate a short term RSA
> public/private key pair....I hope RSA key pair generation is NOT
> expensive?)

RSA key pair generation is indeed expensive, but we do not redo it for
every connection.  _Symmetric_ keys are generated per TLS connection;
short-term RSA connectgion keys are changed every few hours.

From tor-spec.txt:

    - A short-term "Connection key" used to negotiate TLS connections.
      Tor implementations MAY rotate this key as often as they
      like, and SHOULD rotate this key at least once a day.

yrs,
-- 
Nick Mathewson

Attachment: pgpG4Z55ubgUT.pgp
Description: PGP signature