[tor-bugs] #5578 [Flashproxy]: Investigate WebRTC for flash proxy NAT punching
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Nov 28 18:27:58 UTC 2013
#5578: Investigate WebRTC for flash proxy NAT punching
----------------------------+-----------------
Reporter: dcf | Owner: dcf
Type: task | Status: new
Priority: normal | Milestone:
Component: Flashproxy | Version:
Resolution: | Keywords:
Actual Points: | Parent ID:
Points: |
----------------------------+-----------------
Comment (by infinity0):
Continuing from the above, the following option probably would not require
any changes to the ICE authentication code, nor the facilitator to have
another certification key (nor to use the existing encryption key for
certification) - but it does assume the existence of a fully-known
confidential channel between the facilitator and the browser proxy (i.e.
not SSL with x509).
1. the client, L, generates a secret key K(R) and sends it to the
facilitator in an encrypted client registration. this means only the
facilitator can read K(R).
2. when the facilitator picks a proxy, R, to serve L, it gives it K(R) via
the confidential channel. now only the facilitator and the proxy can read
K(R).
3. R then uses K(R) as the authentication key for ICE as normal. no
changes to normal ICE authentication are needed.
4. L assumes that the facilitator works honestly, and that no-one else can
read K(R) in transit, due to the confidential channel.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5578#comment:24>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list