[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Proposal 190: Password-based Bridge Client Authorization

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] Proposal 190: Password-based Bridge Client Authorization
From: Robert Ransom <rransom.8774@xxxxxxxxx>
Date: Wed, 18 Jan 2012 07:07:08 +0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 18 Jan 2012 02:07:23 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=OFHgV+TYpIykI+yXEZqMYzxa4+k1HrGrpsWJ9tVFzYE=; b=JDOELJVRDuzbtiYYMMBy8DvIb/6laB6Wh77WHB0KUEOUe7vrItoM6FRaIhO20QKocL /IlBh8yKAEBCq8+YnuV8welljXlPTFg47KuYZGH1T0Hf/4VAzjEG8Sp9HZXDmzU7WixF LwAzNecWS7xJBs7UPU1qt67cg7N1iJSiOmWrM=
In-reply-to: <20120117184816.GK16278@xxxxxxxxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-dev>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for discussion by the developers of Tor." <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <87obwrg56f.fsf@xxxxxxxxxx> <CABqy+sqqToj+QdAsmNeJ_SSy0hTpF1aaBMTmT175b1z7gfbW2w@xxxxxxxxxxxxxx> <CABqy+srpd-kfMT1R3fqRCtc+gKGKcFgkOf3o=MgbJpA24WrOog@xxxxxxxxxxxxxx> <8739e0d6jo.fsf@xxxxxxxxxx> <CAKDKvux0HgK+LezBPO8jQkq=4JkhXgKh_BG_UqrTfF4t6gXW3g@xxxxxxxxxxxxxx> <874nvu5fwr.fsf@xxxxxxxxxx> <20120117184816.GK16278@xxxxxxxxxxxxxxxxxxxxx>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx

On 2012-01-17, Ian Goldberg <iang@xxxxxxxxxxxxxxx> wrote:
> On Tue, Jan 17, 2012 at 08:43:00PM +0200, George Kadianakis wrote:
>> [0]: Did the Telex people clean up the patch, generalize it, and post
>> it in openssl-dev? Having configurable {Server,Client}Hello.Random in
>> a future version of OpenSSL would be neat.
>
> At USENIX Security, Adam opined that openssl's callback mechanism should
> be able to do this with no patches to the source.  (I think there was
> one part of Telex that would still need patches to openssl, but I don't
> think that was it.)  You basically request a callback right after the
> clienthello.random is generated, and in the callback, overwrite the
> value.  Or something like that; I don't remember exactly.

In a Telex TLS connection, the client's DH secret key is derived from
the ECDH shared secret between the client's Telex ECDH key and the
Telex server's ECDH key.  (This has the unfortunate side effect that a
client attempting to find Telex servers gives up forward secrecy for
its TLS connections.)  This may be the part of Telex which requires an
OpenSSL patch.


Robert Ransom
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] Proposal 190: Password-based Bridge Client Authorization
  - From: Ian Goldberg

References:
- Re: [tor-dev] Proposal 190: Password-based Bridge Client Authorization
  - From: Nick Mathewson
- Re: [tor-dev] Proposal 190: Password-based Bridge Client Authorization
  - From: George Kadianakis
- Re: [tor-dev] Proposal 190: Password-based Bridge Client Authorization
  - From: Ian Goldberg

Prev by Author: Re: [tor-dev] Proposal 190: Password-based Bridge Client Authorization
Next by Author: Re: [tor-dev] Proposal 190: Password-based Bridge Client Authorization
Previous by thread: Re: [tor-dev] Proposal 190: Password-based Bridge Client Authorization
Next by thread: Re: [tor-dev] Proposal 190: Password-based Bridge Client Authorization
Index(es):
- Author
- Thread