[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-dev] Proposal 244: Use RFC5705 Key Exporting in our AUTHENTICATE calls

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-dev] Proposal 244: Use RFC5705 Key Exporting in our AUTHENTICATE calls
From: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date: Thu, 14 May 2015 10:49:14 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 14 May 2015 10:49:29 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:date:message-id:subject:from:to:content-type; bh=x4hJkiCvtBOCLW2xgeLNTjp9n/ABJmQvb1AAwZwolCE=; b=MRVgMEniF4JByHsX3arjQ00KvetuunEOJ2wT0g6WimeSSFV5A7g+p2X4g+GxTTxKaW EjPOneLNSJ1fcmIz+jm57vaLQzG5kBKQcPZps+WWh1kLFrTQf7vj0vCXoxgZXwnBWnsO 9/sxUvrKKwEUc75HktUEOIOn3sElXdpvIvBV6Cer/D7FE06d55xezLcXrctphir9TReb 3KGYsQVAkEYn2/OHrhBPUULvqNYQ9U3cIGj+k4ehV1bGv4RFCGRmyXmBn3SpSpmMi+jT hOynjg6G9IFbjwQgqkpKJomIe6FaUag41c/reWie+evn+A+jEL72932YFDu1386XPmUL /3Dw==
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

Filename: 244-use-rfc5705-for-tls-binding.txt
Title: Use RFC5705 Key Exporting in our AUTHENTICATE calls
Author: Nick Mathewson
Created: 2015-05-14
Status: Draft

1. Proposal

  We use AUTHENTICATE cells to bind the connection-initiator's Tor
  identity to a TLS session.  Our current type of authentication
  ("RSA-SHA256-TLSSecret", see tor-spec.txt section 4.4) does this by
  signing a document that includes an HMAC of client_random and
  server_random, using the TLS master secret as a secret key.

  There is a more standard way to get at this information, by using the
  facility defined in RFC5705.  Further, it is likely to continue to
  work with more TLS libraries, including TLS libraries like OpenSSL 1.1
  that make master secrets and session data opaque.

  I propose that we introduce a new authentication type, with AuthType
  and TYPE field to be determined, that works the same as our current
  "RSA-SHA256-TLSSecret" authentication, except for these fields:

    TYPE is a different constant string.

    TLSSECRETS is replaced by the output of the Exporter function in
    RFC5705, using as its inputs:
        * The label string "EXPORTER FOR TOR TLS CLIENT BINDING " + TYPE
        * The context value equal to the client's identity key digest.
        * The length 32.

  I propose that proposal 224's section on authenticating with ed25519
  keys be amended accordingly:

    TYPE is a different constant string, different from the one above.

    TLSSECRETS is replaced by the output of the Exporter function in
    RFC5705, using as its inputs:
        * The label string "EXPORTER FOR TOR TLS CLIENT BINDING " + TYPE
        * The context value equal to the client's Ed25519 identity key
        * The length 32.
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Prev by Author: [tor-dev] Notes on Donncha's Summer of Privacy project about scaling hidden services
Next by Author: Re: [tor-dev] OpenWrt cross compile build error in 0.2.6.8
Previous by thread: [tor-dev] txtorcon for javascript application (npm)
Next by thread: [tor-dev] Is there a way to get all tor hidden service list???
Index(es):
- Author
- Thread