On Thu, Jan 04, 2007 at 08:52:23PM -0500, chris@xxxxxxxxxxxx wrote:
> On Wed, Jan 03, 2007 at 03:06:59PM -0500, Nick Mathewson wrote:
> > The certificate with the short term connection key is signed by the
> > identity key.
> >
> > > * Are all the aforementioned certs and keys mentioned above sent in
> > > 'cells'? Which cell types? This was not specified.
> >
> > No. This is part of the TLS handshake. I'll try to make that clear
> > if I can.
>
> >From what I know about TLS (I'm not a TLS expert.)...
> The communication of the short term (RSA) connection key in a cert is not
> really part of the TLS Handshake Protocol right? The TLS Handshake Protocol
> *just* uses identity (RSA public) keys to establish a symmetric session key
> between a client and server right? ...Unless the TLS Handshake Protcol allows
> peers to send additional info to each other as part of TLS I don 't
> know about?
TLS is specified in RFC2246. Check out sections 7.4.2 and sections
7.4.7 to learn how certificate chain is indeed a part of the TLS
protocol.
Also, consider Eric Rescorla's _SSL and TLS_: it's a good introduction
to the format in the protocol, and although it doesn't spell
everything out in as much detail as the RFC, it might be easier
reading.
>
> (Also, since EVERY connection needs to generate a short term RSA
> public/private key pair....I hope RSA key pair generation is NOT
> expensive?)
RSA key pair generation is indeed expensive, but we do not redo it for
every connection. _Symmetric_ keys are generated per TLS connection;
short-term RSA connectgion keys are changed every few hours.
From tor-spec.txt:
- A short-term "Connection key" used to negotiate TLS connections.
Tor implementations MAY rotate this key as often as they
like, and SHOULD rotate this key at least once a day.
yrs,
--
Nick Mathewson
Attachment:
pgpG4Z55ubgUT.pgp
Description: PGP signature