[tor-bugs] #5565 [Tor Relay]: MyFamily should provide an alternate non-idhex subscription mechanism

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Wed Apr 4 06:32:04 UTC 2012 

#5565: MyFamily should provide an alternate non-idhex subscription mechanism
-------------------------+--------------------------------------------------
 Reporter:  mikeperry    |          Owner:                    
     Type:  enhancement  |         Status:  new               
 Priority:  normal       |      Milestone:  Tor: 0.2.4.x-final
Component:  Tor Relay    |        Version:                    
 Keywords:               |         Parent:  #5563             
   Points:               |   Actualpoints:                    
-------------------------+--------------------------------------------------

Comment(by mikeperry):

 Replying to [comment:6 rransom]:
 > If you're worried about a relay's host obtaining a relay's secret keys,
 you can't rely on storing a relay family's secret key in its torrc or
 DataDirectory.
 >
 > Should we worry about an attacker who compromises a relay's identity key
 being able to claim to be in that relay's families forever?  If not, then
 an operator can generate a family-membership signature once per relay, put
 it in the relay's torrc, and have the relay put that signature in its
 descriptors (thereby cross-certifying it with the relay's identity key).

 Yeah, this is how we would do a family key deployment. The key would
 ideally be used to sign a statement offline once, and then that signed
 statement would be used for time period T.

 However, I think we should first try to find issues with a simple UUID-
 based solution. Are there any?

 > If we do worry about that replay attack, things get messier; a relay's
 operator will need to generate family-membership signatures once per
 $INTERVAL per relay, and then upload them to the relay periodically.  (In
 this case, I wouldn't recommend putting the signature itself in the torrc;
 reference a separate file instead.)

 Hrmm.. Yeah, already the complexity mounts. I forgot about re-using old
 signatures and setting time limits/expiry. Thanks.

 > Or should we just drop the MyFamily feature entirely, on the assumption
 that only good guys try to use it in a non-malicious way?

 Well, what about the UUID-based solution? Nick may or may not come up with
 attacks in his dreams. Can we think of any while we're awake? I am not
 seeing any, but I am also biased against complexity..

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5565#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list