[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Characterizing Tor flows using DPI

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] Characterizing Tor flows using DPI
From: teor <teor@xxxxxxxxxx>
Date: Mon, 15 Oct 2018 13:39:05 +1000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 14 Oct 2018 23:39:26 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1539574749; bh=2xNlwsRlPLih9cNv5wqGNopkFGB1N3kuGpfagqNl/gU=; h=Subject:From:In-Reply-To:Date:Reply-To:References:To:From; b=EJeDRC41GIyhqL0QgUpGhmIHxGelmdHHSh5RlUzykBuZsF9k0XvNkAY86uGHSWjz7 4OwU/8kNk98cSjw+OzGCLDmJEzV95vnwuD46EA7qT42zHlDxNsX+StOeW7Jukut9MW F07oPJkdP5QDa6I9aqawV8aIyLxmHvkYZ2Jkbr/Y=
In-reply-to: <CAGkdf3cQU=NcxKF-nGWwjXf7XOr8aGVO15D9nJTGS9KeEwtWVw@mail.gmail.com>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <CAGkdf3cQU=NcxKF-nGWwjXf7XOr8aGVO15D9nJTGS9KeEwtWVw@mail.gmail.com>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

Hi,


> On 12 Oct 2018, at 21:40, Piyush Kumar Sharma <piyushs@xxxxxxxxxxx> wrote:
> 
> I have some confusion regarding the characterization of Tor traffic using DPI.
> I was following the link (https://trac.torproject.org/projects/tor/wiki/org/projects/Tor/TLSHistory ) and understood that Tor did TLS renogotiation at some point and then discontinued doing it. 
> As an improvement there are basically two handshakes that are done.
> (i) "outer handshake" which is made to look as real as possible.
> (ii) "inner handshake" which is actually used to authenticate and exchange "real" certificates.
> 
> I am just not able to understand as to why we need two handshakes, also why do we need "real" and "fake" certificates.

Historically, the tor protocol was modified to avoid censorship.
But now we use pluggable transports to avoid censorship.

Tor's inner handshake also does not rely on TLS/SSL security, which has historically
made Tor traffic harder to compromise using TLS/SSL attacks.

> Or if i am missing something, can someone point me to the right resources where i can get the current tor TLS implementation details.

The "Connections" section in the Tor specification describes the current
Tor handshake, and legacy versions:

https://gitweb.torproject.org/torspec.git/tree/tor-spec.txt#n197

T

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

References:
- Re: [tor-dev] Characterizing Tor flows using DPI
  - From: Piyush Kumar Sharma

Prev by Author: Re: [tor-dev] Information on Pluggable Transports
Next by Author: Re: [tor-dev] UX improvement proposal: Onion auto-redirects using Onion-Location HTTP header
Previous by thread: Re: [tor-dev] Characterizing Tor flows using DPI
Next by thread: [tor-dev] Orbot 16.0.3-BETA-2 (tor-0.3.4.8) release for testing
Index(es):
- Author
- Thread