[tor-dev] Proposal 195: TLS certificate normalization for Tor 0.2.4.x

Nick Mathewson nickm at alum.mit.edu
Mon Mar 12 17:31:50 UTC 2012


On Fri, Mar 9, 2012 at 8:03 PM, Robert Ransom <rransom.8774 at gmail.com> wrote:
>
> Users need to specify a full certificate chain, not just the
> end-entity certificate.

Agreed that this is desirable, but if we take that route, we need to
amend the current rule for deciding whether to use the v3/v2 vs the v1
handshake.  Currently, according to tor-spec, a client that sees a
certificate chain should assume that it's getting a v1 handshake.

Fortunately, every version of Tor that only allows the v1 handshake is
now deprecated.

> Have you considered whether to allow the user to store the TLS
> certificate's private key in a hardware device?

Sounds desirable. I have no idea how to do this from OpenSSL, but
there is surely a way.

[...]
>>    The simplest way to get a plausible commonName here would be to do a
>>    reverse lookup on our IP and try to find a good hostname.  It's not
>>    clear whether this would actually work out in practice, or whether
>>    we'd just get dynamic-IP-pool hostnames everywhere blocked when they
>>    appear in certificates.
>
> What if a bridge's IP address and reverse-DNS hostname change?

I believe in that case we would have to generate a new cert.  I have
no idea if this reverse-DNS idea is any good.  Any better ones?

> How does this interact with the v3 link protocol signaling mechanism?

The v3 link protocol signalling mechanism checks for any of the
following not being true
"""
      * The certificate is self-signed
      * Some component other than "commonName" is set in the subject or
        issuer DN of the certificate.
      * The commonName of the subject or issuer of the certificate ends
        with a suffix other than ".net".
      * The certificate's public key modulus is longer than 1024 bits.
"""
So I guess we should amend the proposal to say that nobody is allowed
to self-generate a self-signed cert for a 1024-bit RSA key whose DN
has only  only a commonName ending with .net.

> How will a bridge's client be told what hostname to specify in its
> server name indication field?

I was thinking through a torrc configuration values. Any better ideas?

-- 
Nick


More information about the tor-dev mailing list