[tor-bugs] #3207 [Tor Relay]: limit more keys to the exponent we specify
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Tue May 17 05:38:24 UTC 2011
#3207: limit more keys to the exponent we specify
-------------------------+--------------------------------------------------
Reporter: arma | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Tor: unspecified
Component: Tor Relay | Version:
Keywords: | Parent:
Points: | Actualpoints:
-------------------------+--------------------------------------------------
In 987190c2bc1 we started to require that certain keys have a public
exponent 65537.

In particular, it looks like we covered the onion (circuit handshake) key,
the onion (handshake) key for intro circuits, and the intro point service
key.

A fellow on irc named 'signing_key' points out that we left out
K_SIGNING_KEY. He noted that if we had enforced the exponent on that key
in the past, CVE-2011-0427 might not have been so bad.

He also points out that we left out the onion key in the microdescriptor.
The authorities will refuse the normal descriptor, so it is implicitly
filtered now, but if we want it to be filtered we should do it clearly.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3207>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
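
The kind of check the ticket asks for, as an added example that is not Tor's code and not part of the original ticket: a parser-side test that a public key's exponent is exactly 65537. It assumes the key arrives as a DER-encoded PKCS#1 RSAPublicKey; the function name `rsa_pubkey_exponent_is_65537` is hypothetical and the sample keys are constructed toy values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample inputs (toy 64-bit modulus, not real keys):
 * PKCS#1 RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER } */
static const uint8_t KEY_E65537[] = { 0x30,0x10, 0x02,0x09,0x00,0xC1,0x23,0x45,0x67,
    0x89,0xAB,0xCD,0xEF, 0x02,0x03,0x01,0x00,0x01 };
static const uint8_t KEY_E3[] = { 0x30,0x0E, 0x02,0x09,0x00,0xC1,0x23,0x45,0x67,
    0x89,0xAB,0xCD,0xEF, 0x02,0x01,0x03 };

/* Read one DER header with the expected tag; on success *p points at the
 * value and *len is its length, checked to lie inside [*p, end). */
static int der_header(const uint8_t **p, const uint8_t *end, uint8_t tag, size_t *len)
{
    const uint8_t *q = *p;
    if (end - q < 2 || q[0] != tag) return -1;
    size_t n = q[1];
    q += 2;
    if (n & 0x80) {                 /* long form: low 7 bits = count of length bytes */
        size_t cnt = n & 0x7f;
        if (cnt == 0 || cnt > 4 || (size_t)(end - q) < cnt) return -1;
        for (n = 0; cnt--; ) n = (n << 8) | *q++;
    }
    if ((size_t)(end - q) < n) return -1;
    *p = q;
    *len = n;
    return 0;
}

/* Hypothetical helper: 1 if publicExponent is exactly 65537 (DER 01 00 01),
 * 0 for any other exponent or encoding, -1 if the structure is malformed. */
int rsa_pubkey_exponent_is_65537(const uint8_t *der, size_t der_len)
{
    const uint8_t *p = der, *end = der + der_len;
    size_t len;
    if (der_header(&p, end, 0x30, &len) < 0 || p + len != end) return -1;
    if (der_header(&p, end, 0x02, &len) < 0) return -1;   /* modulus */
    p += len;                                              /* skip it */
    if (der_header(&p, end, 0x02, &len) < 0 || p + len != end) return -1;
    return (len == 3 && p[0] == 0x01 && p[1] == 0x00 && p[2] == 0x01) ? 1 : 0;
}

int main(void)
{
    printf("e=65537: %d\n", rsa_pubkey_exponent_is_65537(KEY_E65537, sizeof KEY_E65537));
    printf("e=3:     %d\n", rsa_pubkey_exponent_is_65537(KEY_E3, sizeof KEY_E3));
    printf("cut:     %d\n", rsa_pubkey_exponent_is_65537(KEY_E65537, 10));
    return 0;
}
```

A caller enforcing the policy would reject the key on any return value other than 1, applying the same test to every key type rather than relying on another component to filter it.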