Proposal for revised TLS handshake

Steven Murdoch tor+Steven.Murdoch at cl.cam.ac.uk
Tue Nov 6 22:41:13 UTC 2007


As some of you may know, there is a plan to make Tor clients more
resistant to being blocked [1]. The first parts of this are already
implemented, and the next step is to make the Tor traffic look more
like HTTPS, so it is hard to block one without blocking the other.

I've been working on a proposal for a new TLS handshake, which is
closer to an HTTP connection than before. Unfortunately we have had to
throw away some nice features of TLS, which Tor needs but HTTPS
doesn't use. So part of the handshake, in particular the client
authentication, has been converted to a custom protocol, inside the
encrypted tunnel.

The draft proposal of the protocol and other issues can be found at:

 http://www.cl.cam.ac.uk/~sjm217/volatile/xxx-tls-certificates.txt

This is in the process of being implemented, so if you have any
comments or suggestions, please do let me know.

Thanks,
Steven.

[1] http://www.torproject.org/svn/trunk/doc/design-paper/blocking.pdf

-- 
w: http://www.cl.cam.ac.uk/users/sjm217/
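The point behind moving client authentication inside the tunnel is that in TLS 1.0 through 1.2 the client-certificate exchange (the server's CertificateRequest and the client's Certificate and CertificateVerify messages) is sent before ChangeCipherSpec, so an on-path observer can read it in plaintext, and ordinary HTTPS almost never contains it. The following Python script is an added example, not Steven's code or Tor's: it parses two constructed TLS record streams (one per direction, with dummy certificate and key bodies rather than real DER) and reports which handshake messages are visible in the clear, then checks whether TLS-level client authentication is observable. The function names, the sample streams, and the use of application-data records to stand for the custom in-tunnel authentication are my own assumptions.

```python
import struct

# TLS record-layer content types and handshake message types (TLS 1.0-1.2,
# RFC 2246 / RFC 5246). Constants and names are the standard ones.
CHANGE_CIPHER_SPEC = 20
HANDSHAKE = 22
APPLICATION_DATA = 23
TLS1_0 = 0x0301

HS_NAMES = {
    1: "ClientHello", 2: "ServerHello", 11: "Certificate",
    12: "ServerKeyExchange", 13: "CertificateRequest", 14: "ServerHelloDone",
    15: "CertificateVerify", 16: "ClientKeyExchange", 20: "Finished",
}


def record(ctype, payload, version=TLS1_0):
    """Build one TLS record: type(1) version(2) length(2) payload."""
    return struct.pack("!BHH", ctype, version, len(payload)) + payload


def hs_msg(htype, body=b""):
    """Build one handshake message: type(1) length(3) body."""
    return bytes([htype]) + len(body).to_bytes(3, "big") + body


def parse_records(data):
    """Split a raw byte stream from one direction into (content_type, payload)."""
    out, off = [], 0
    while off + 5 <= len(data):
        ctype, _ver, length = struct.unpack("!BHH", data[off:off + 5])
        payload = data[off + 5:off + 5 + length]
        if len(payload) != length:
            raise ValueError("truncated TLS record")
        out.append((ctype, payload))
        off += 5 + length
    return out


def visible_handshake_messages(direction_bytes):
    """Handshake message names an on-path observer can read from one direction.

    Everything a side sends after its ChangeCipherSpec is encrypted, so parsing
    of handshake bodies stops there (the Finished message is opaque).
    """
    names, encrypted = [], False
    for ctype, payload in parse_records(direction_bytes):
        if ctype == CHANGE_CIPHER_SPEC:
            encrypted = True
        elif ctype == HANDSHAKE and not encrypted:
            off = 0
            while off + 4 <= len(payload):  # a record may carry several messages
                htype = payload[off]
                hlen = int.from_bytes(payload[off + 1:off + 4], "big")
                names.append(HS_NAMES.get(htype, "unknown(%d)" % htype))
                off += 4 + hlen
    return names


def client_auth_in_clear(client_to_server, server_to_client):
    """True if TLS-level client authentication is observable in plaintext."""
    server_side = visible_handshake_messages(server_to_client)
    client_side = visible_handshake_messages(client_to_server)
    return ("CertificateRequest" in server_side
            or "Certificate" in client_side
            or "CertificateVerify" in client_side)


# Constructed sample streams (dummy certificate/key bodies, not real DER).
ENC_FINISHED = record(HANDSHAKE, b"\x00" * 16)  # encrypted Finished: opaque bytes

# Old-style handshake: server asks for a client certificate during the handshake.
OLD_C2S = (record(HANDSHAKE, hs_msg(1, b"\x03\x01" + b"\x11" * 32))
           + record(HANDSHAKE, hs_msg(11, b"\xaa" * 40) + hs_msg(16, b"\xbb" * 32)
                    + hs_msg(15, b"\xcc" * 32))
           + record(CHANGE_CIPHER_SPEC, b"\x01") + ENC_FINISHED)
OLD_S2C = (record(HANDSHAKE, hs_msg(2, b"\x03\x01" + b"\x22" * 32) + hs_msg(11, b"\xdd" * 40)
                  + hs_msg(13, b"\x01\x01\x00\x00") + hs_msg(14))
           + record(CHANGE_CIPHER_SPEC, b"\x01") + ENC_FINISHED)

# HTTPS-like handshake: server certificate only; any client authentication
# happens afterwards inside the tunnel (modelled here as application data).
NEW_C2S = (record(HANDSHAKE, hs_msg(1, b"\x03\x01" + b"\x11" * 32))
           + record(HANDSHAKE, hs_msg(16, b"\xbb" * 32))
           + record(CHANGE_CIPHER_SPEC, b"\x01") + ENC_FINISHED
           + record(APPLICATION_DATA, b"\x00" * 64))
NEW_S2C = (record(HANDSHAKE, hs_msg(2, b"\x03\x01" + b"\x22" * 32) + hs_msg(11, b"\xdd" * 40)
                  + hs_msg(14))
           + record(CHANGE_CIPHER_SPEC, b"\x01") + ENC_FINISHED
           + record(APPLICATION_DATA, b"\x00" * 64))

if __name__ == "__main__":
    for label, c2s, s2c in (("old", OLD_C2S, OLD_S2C), ("https-like", NEW_C2S, NEW_S2C)):
        print(label, "client:", visible_handshake_messages(c2s))
        print(label, "server:", visible_handshake_messages(s2c))
        print(label, "client auth visible in clear:", client_auth_in_clear(c2s, s2c))
```

Run it as a script to see both streams side by side: the old-style stream exposes Certificate, CertificateRequest and CertificateVerify before the first ChangeCipherSpec, while the HTTPS-like stream shows nothing beyond what a browser-to-web-server handshake would, and the custom authentication is indistinguishable from the application data that follows.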