[tor-bugs] #4570 [Tor Bridge]: Implement certificate serial number covert channel (part of proposal 179)
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Fri Nov 25 23:57:08 UTC 2011
#4570: Implement certificate serial number covert channel (part of proposal 179)
------------------------+---------------------------------------------------
Reporter: asn | Owner:
Type: defect | Status: new
Priority: normal | Milestone:
Component: Tor Bridge | Version:
Keywords: | Parent: #3972
Points: | Actualpoints:
------------------------+---------------------------------------------------
Comment(by nickm):
Replying to [comment:2 asn]:
> We will always have false positives with this scheme, till all the
> non-0.2.3.x relays disappear from the network.
Unless we use the other v3-indicating cert features plus the SN to
indicate
Let's take a step back -- do you currently think this feature is a good
idea? I don't think it's workable if we have user-provided certs, and I
think that getting user-provided certs to work is more important than
this.
> > > For link protocol version negotiation, we have the VERSIONS cell. We
> > > might '''need''' a covert channel '''on''' the SSL handshake, if we need
> > > to negotiate the link protocol version before the Tor protocol. In which
> > > cases do we need such a '''visible''' covert channel?
> >
> > The question isn't whether we need a visible one; it's whether we'll
> > ever need to do again what we've done with the v1->v2 and v2->v3 link
> > protocol transition, where the client learns which handshake it is before
> > the handshake is actually done, so that the client can act differently,
> > depending. I *think* that v3 should be flexible enough to last
> > indefinitely, but we should actually figure this out.
>
> VERSIONS cells should be enough to negotiate future 'in-protocol' link
> protocols.
>
> A covert channel like the one described in 178 could find use:
>
> a) If we needed to do our link protocol in the initial SSL handshake.
> But we've grown old for that, no?
Well, we did need to negotiate v1 vs v2 this way, and v2 vs v3 this way.
We couldn't use VERSIONS cells, since these connection varieties differ in
their TLS handshakes.
> b) If we needed to negotiate the link protocol before the Tor protocol
> hits the wire. This sounds like an anti-bridge-detection measure, but I
> can't find any scenarios where such a '''visible''' covert channel would
> help [0].
>
> Can you describe a use case where VERSIONS wouldn't do it and this
> serialNumber covert channel would help?
Yes; the case of how we negotiate v1 vs v2, and v2 vs v3 now. If we need
to do some other kind of TLS handshake, then the VERSIONS cell can't help
us, since that happens after the TLS handshake.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4570#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
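The false-positive point asn raises above (any marker placed in the serialNumber will also match, by chance, some fraction of the random serials that pre-0.2.3.x relays present) can be made concrete with a small script. The following is an added example written for this page; it is not Tor code and it does not implement the encoding proposal 179 actually specifies. The marker scheme (MARKER in the low MARKER_BITS of a 64-bit serial) and the truncated, constructed certificate structure are assumptions made for illustration. The serial extractor walks only the head of tbsCertificate, so it also works on a real DER certificate taken off the TLS ServerHello.

```python
import random

# ASSUMED signalling scheme for this example (not proposal 179's encoding):
# a certificate "announces" the v3 handshake when the low MARKER_BITS bits
# of its serialNumber equal MARKER; the remaining bits stay random.
MARKER_BITS = 16
MARKER = 0x5ACE
SERIAL_BITS = 64


def der_len(n):
    """DER length octets: short form below 0x80, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b


def der_tlv(tag, body):
    return bytes([tag]) + der_len(len(body)) + body


def der_integer(v):
    """Minimal DER INTEGER for a non-negative value (serials must be positive)."""
    body = v.to_bytes(v.bit_length() // 8 + 1, "big")  # keeps a leading 0x00 when bit 7 is set
    while len(body) > 1 and body[0] == 0 and body[1] < 0x80:
        body = body[1:]
    return der_tlv(0x02, body)


def fake_cert_der(serial):
    """Constructed, truncated Certificate: only the fields a serial extractor walks.
    A real tbsCertificate continues with signature, issuer, validity, ... (omitted here)."""
    version = der_tlv(0xA0, der_integer(2))          # [0] EXPLICIT version v3
    tbs = der_tlv(0x30, version + der_integer(serial))
    return der_tlv(0x30, tbs)


def read_tlv(buf, off):
    """Return (tag, value, next_offset) for the TLV starting at buf[off]."""
    tag = buf[off]
    length = buf[off + 1]
    off += 2
    if length & 0x80:                                # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    return tag, buf[off:off + length], off + length


def cert_serial(der):
    """Extract serialNumber from a DER Certificate without a full X.509 parser:
    Certificate SEQ -> tbsCertificate SEQ -> optional [0] version -> INTEGER."""
    tag, cert, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("Certificate is not a SEQUENCE")
    tag, tbs, _ = read_tlv(cert, 0)
    if tag != 0x30:
        raise ValueError("tbsCertificate is not a SEQUENCE")
    tag, val, off = read_tlv(tbs, 0)
    if tag == 0xA0:                                  # version present (absent means v1)
        tag, val, off = read_tlv(tbs, off)
    if tag != 0x02:
        raise ValueError("serialNumber is not an INTEGER")
    return int.from_bytes(val, "big", signed=True)


def signalling_serial(rng):
    """Serial a 'new' relay would pick under the assumed scheme."""
    return (rng.getrandbits(SERIAL_BITS - MARKER_BITS) << MARKER_BITS) | MARKER


def signals_v3(serial, marker_bits=MARKER_BITS, marker=MARKER):
    """The client-side (and, equally, any observer's) check."""
    return serial & ((1 << marker_bits) - 1) == marker


def false_positive_rate(trials, marker_bits, seed=0):
    """Fraction of uniformly random serials (what an old relay presents) that the
    check misreads as a v3 signal.  Expected value is about 2**-marker_bits."""
    rng = random.Random(seed)
    marker = MARKER & ((1 << marker_bits) - 1)
    hits = sum(signals_v3(rng.getrandbits(SERIAL_BITS), marker_bits, marker)
               for _ in range(trials))
    return hits / trials


def example_roundtrip(seed):
    """Generate a signalling serial, wrap it in the constructed cert, read it back."""
    s = signalling_serial(random.Random(seed))
    return cert_serial(fake_cert_der(s)) == s and signals_v3(s)


if __name__ == "__main__":
    print("round trip ok:", example_roundtrip(42))
    for bits in (8, 16):
        rate = false_positive_rate(200000, bits)
        print(f"{bits}-bit marker: false-positive rate on random serials ~ {rate:.2e}")
```

Two things worth noticing when running it: the false-positive rate only shrinks with the width of the marker, and a wider marker leaves fewer random bits, so the serial looks less like the unique, unpredictable value a CA-style issuer would produce; and `signals_v3` is exactly the test a censor can run on the same ServerHello, which is the sense in which the channel is visible. If certificates are user-provided, as nickm notes, there is no way to choose the serial at all, and the check cannot be relied on.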