[tor-bugs] #9689 [Tor]: Write proposal for VERIFY and RELAY_VERIFY cells
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Sep 7 06:32:38 UTC 2013
#9689: Write proposal for VERIFY and RELAY_VERIFY cells
-------------------------------------------------+-------------------------
Reporter:  mikeperry                             | Owner:
Type:      project                               | Status: new
Priority:  normal                                | Milestone:
Component: Tor                                   | Version:
Keywords:  key-theft mike-0.2.5 proposal-needed  | Actual Points:
           so-crazy-it-just-might-work           | Points:
Parent ID:                                       |
-------------------------------------------------+-------------------------
To protect against relay key theft, it would be useful if relays supported
a way to replay the ntor handshake and the DH/ECDH TLS handshake via a
directory mirror whose keys are stored in the Tor source code (via #572).

The idea is that clients could replay some percentage of their circuits'
and TLS connections' handshakes via independently authenticated
cryptographic paths using the directory mirror keys and #5968. If any one
handshake replay failed to yield the same session keys from a replayed
DH/ECDH/ntor handshake for any subset of the paths, we know the
authentication key for that handshake was stolen and one of the client's
paths was MITMed, and we could sound the alarm bells.

We'd probably need two cell types for this: a VERIFY cell that included
enough information to replay one or both handshakes, and a RELAY_VERIFY
cell that instructed a relay to send an enclosed VERIFY cell on behalf of
a remote client.

It would be extra neat if we could use this mechanism as the basis for a
proper TLS extension, to allow the whole web to do stuff like this.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9689>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
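
Added example, not part of the ticket and not Tor code: a toy model of the cross-path check described above, showing why a replay over an independent path exposes an interception made with a stolen relay key. The tiny DH group, the simplified ntor-like key derivation, the relay's per-handshake cache and every name here (Relay, verify, replay_matches) are assumptions made for illustration.

```python
import hashlib, hmac, secrets

P, G = 2**127 - 1, 3                 # toy group (assumption), far too small for real use

def kdf(*parts):
    h = hashlib.sha256()
    for p in parts:
        h.update(p.to_bytes(16, "big"))
    return h.digest()

def tag(key):
    # Confirmation value compared across paths; the session key itself is never sent
    return hmac.new(key, b"verify", hashlib.sha256).hexdigest()

class Relay:
    def __init__(self, b):
        self.b, self.B = b, pow(G, b, P)     # long-term identity key pair
        self.seen = {}                       # X -> tag (assumed per-handshake cache)
    def handshake(self, X):
        y = secrets.randbelow(P - 2) + 1     # fresh ephemeral secret per handshake
        Y = pow(G, y, P)
        key = kdf(pow(X, y, P), pow(X, self.b, P), X, Y, self.B)
        self.seen[X] = tag(key)
        return Y
    def verify(self, X):                     # stands in for answering a VERIFY cell
        return self.seen.get(X)

def client_connect(first_hop, B):
    x = secrets.randbelow(P - 2) + 1
    X = pow(G, x, P)
    Y = first_hop.handshake(X)
    key = kdf(pow(Y, x, P), pow(B, x, P), X, Y, B)
    return X, tag(key)

def replay_matches(relay, X, client_tag):
    # Replay over an independent path, e.g. relayed through a directory mirror
    answer = relay.verify(X)
    return answer is not None and hmac.compare_digest(answer, client_tag)

def demo():
    real = Relay(secrets.randbelow(P - 2) + 1)
    X, t = client_connect(real, real.B)
    honest = replay_matches(real, X, t)      # direct path: tags agree
    mitm = Relay(real.b)                     # interceptor holding the stolen key b
    X2, t2 = client_connect(mitm, real.B)    # client's handshake is answered by the MITM
    real.handshake(X2)                       # even if X2 is forwarded to the real relay
    intercepted = replay_matches(real, X2, t2)
    return honest, intercepted               # (True, False)
```

The stolen long-term key lets the interceptor pass authentication, but it cannot reproduce the real relay's ephemeral secret, so the tags disagree on the independent path.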