using Host Identity Protocol in Tor

Andrei Gurtov gurtov at cs.helsinki.fi
Tue Oct 17 10:07:46 UTC 2006


Hi Folks,

I'm not sure if or-talk would have been a better place for this
question, but have you considered using Host Identity Protocol (HIP) in
the Tor implementation? If I understood right, currently Tor uses TLS
encryption that leaves some protocol headers feasible.

HIP combines IPsec with a DoS-resistant key exchange protocol (see
RFC4423). If Tor used it, then all transport-related info like port
numbers would be hidden by ESP. It would also allow mobile and
multihomed Tor servers. Clients could authenticate Tor servers (so that
faked servers could not be inserted) and servers would be more protected
against state-exhausting DoS attacks. HIP would also allow the use of
arbitrary transport protocols like UDP or SCTP instead of only TCP.

There are 3 open source HIP implementations for various platforms
including Linux, XP, Mac, BSD. URLs http://www.openhip.org or
http://infrahip.hiit.fi

I'm curious to know what you think and can provide additional HIP info
if necessary.

Andrei


