[tor-bugs] #5563 [Tor Relay]: Better support for ephemeral relay identity keys
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Wed Apr 4 02:13:11 UTC 2012
#5563: Better support for ephemeral relay identity keys
-------------------------+--------------------------------------------------
Reporter: mikeperry | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Tor Relay | Version:
Keywords: | Parent: #5456
Points: | Actualpoints:
-------------------------+--------------------------------------------------
Comment(by arma):
Replying to [comment:3 mikeperry]:
> arma: I don't think so. I think I'm actually most concerned about our
TLS keys, which I believe a
are rotated daily.
Every 2 hours:
{{{
/** 1b. Every MAX_SSL_KEY_LIFETIME_INTERNAL seconds, we change our
* TLS context. */
}}}
>But this rotation doesn't help if you assume an active adversary
operating upstream from you. Can't they just take whatever keys you create
and toss them away and re-sign new ones they control, using the identity
key?
Yes. But then when you send them a CREATE cell they won't be able to
decrypt it unless they know your onion key too. So the attack they need to
do is publish a new descriptor in your name, signed by your identity key,
listing their own onion key -- and then also be able to "be" you from the
perspective of the network. If the attacker can do all that, how will
shorter identity key lifetimes help?
(Note that the above sentence about the CREATE cell does not apply to
guards, since they do the create_fast trick. I could see an argument for
going back to involving the onion key in the circuit handshake for guards
too.)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5563#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list