[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-dev] What to read to analyze Tor's use of NTor?
Hi Nick, Ian,
I've been pointing people to "Section 6 of
http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.228.6223" when
they ask what NTor is. But then I realized that that's not the best
(single) place to send cryptographers when I ask them to analyze whether
we've designed or built it right.
Then I found
https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/216-ntor-handshake.txt
which looks great
but then I also found
https://gitweb.torproject.org/torspec.git/blob/HEAD:/tor-spec.txt#l852
which looks crisper.
So the questions:
A) Which combination and order of these three resources should I point
people at? That is, does the tor-spec stanza replace proposal 216
completely, or is there still some use to looking at the proposal too,
or is the proposal wrong now because you fixed stuff since then but
didn't change the proposal, etc? Did I miss any good resources?
B) What are the sketchiest parts -- the parts of the design or the
implementation that you most want review on, or that you think would be
most fruitful for finding issues?
C) What else should I be asking you, in terms of how to get this thing
reviewed the mostest and the bestest? We rolled out NTor quicker than we
rolled out TAP, relatively speaking, and now it would count as breaking a
widely deployed system so I bet we can get some more people evaluating it.
Thanks!
--Roger
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev