[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Proposal 190: Password-based Bridge Client Authorization

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] Proposal 190: Password-based Bridge Client Authorization
From: Nick Mathewson <nickm@xxxxxxxxxxxx>
Date: Tue, 17 Jan 2012 12:35:07 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 17 Jan 2012 12:35:23 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:content-type :content-transfer-encoding; bh=Xh3431ajNDYOBQBtJRsUKqcW6BiKSNf7CTBcQr36xFY=; b=JnWteVpdBhosjnQSxvCcSgsGeevNqcRpo/43AVsoApNr1JJhjzVWb9oB7L+aBOYQg5 c0p03qFNHQyxeEJJRs9KLWQwU46aQ0A/TKrDkPVpHSFcIRMqUm+eZ/jNKIzHmQaN0NOE fWJ1GWKlbpM2ySWR6D97uk0cXI7G/A4gyuMQY=
In-reply-to: <8739e0d6jo.fsf@xxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-dev>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for discussion by the developers of Tor." <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <87obwrg56f.fsf@xxxxxxxxxx> <CABqy+sqqToj+QdAsmNeJ_SSy0hTpF1aaBMTmT175b1z7gfbW2w@xxxxxxxxxxxxxx> <CABqy+srpd-kfMT1R3fqRCtc+gKGKcFgkOf3o=MgbJpA24WrOog@xxxxxxxxxxxxxx> <8739e0d6jo.fsf@xxxxxxxxxx>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx

On Sun, Nov 6, 2011 at 9:12 PM, George Kadianakis <desnacked@xxxxxxxxx> wrote:

> 3.2. AUTHORIZE cell format
>
>   In shared-secret-based authorization, the MethodFields field of the
>   AUTHORIZE cell becomes:
>
>       'shared_secret'               [10 octets]
>
>   where:
>
>   'shared_secret', is the shared secret between the bridge operator
>                    and the bridge client.

No, dumping the HMAC seems like a step backwards.  In practice,
bridges are needed exactly in those cases where we're worried about
active attacks between clients and the Tor network.  There's no point
in revising a protocol proposal to be MORE vulnerable to MITM;
instead, we need one that is less vulnerable.

Marking this proposal needs-revision.  Not sure what the actual
solution is though. One option might be to look for a way to signal
(undetectably) to the client that the server knows what it's doing as
part of the TLS handshake. For example, by building the
ServerHello.random structure such that instead of having 28 random
bytes and 4 bytes of time, it has 16 random bytes, 4 bytes of time,
and 12 bytes based on a HMAC of (the 16 random bytes, the 4 time
bytes, the ClientHello.Random, and the certificate that it will send).
 Yuck!  But it might work.  It would need analysis, I guess.

I'm probably being too telegraphic here; I should try to expand this
into a real idea if people don't think it's a total nonstarter for
some reason.

yrs,
-- 
Nick
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] Proposal 190: Password-based Bridge Client Authorization
  - From: George Kadianakis
- Re: [tor-dev] Proposal 190: Password-based Bridge Client Authorization
  - From: Robert Ransom

Prev by Author: Re: [tor-dev] Proposal 186: Multiple addresses for one OR or bridge
Next by Author: Re: [tor-dev] Proposal 190: Password-based Bridge Client Authorization
Previous by thread: Re: [tor-dev] Proposal 186: Multiple addresses for one OR or bridge
Next by thread: Re: [tor-dev] Proposal 190: Password-based Bridge Client Authorization
Index(es):
- Author
- Thread