[tor-dev] obfs4 and ntor (question wrt node_id)

Yawning Angel yawning at schwanenlied.me
Mon Jun 2 18:23:49 UTC 2014


On Mon, 02 Jun 2014 16:12:03 +0100
George Kadianakis <desnacked at riseup.net> wrote:
 
> Yep, that's what I gathered too.
> 
> Unfortunately, the server-side obfs4 might not have access to its
> address/port (it normally knows that it has to bind to 0.0.0.0:<port>,
> not the actual external IP address).
> 
> So we were considering whether generating a random nodeid would be OK
> for security.
> Or even omitting the nodeid completely, and just using the public key
> B in its place (since \hat{B} is just used as a one-to-one map to a
> B). Or does this complicate the security proof?

Unless I'm horrifically mistaken, a random nodeid is fine as it is just
as arbitrary as the current node ID.  Since there isn't any tight
coupling between pluggable transports and the remote bridges they
connect to, the bridge fingerprint currently in use is also a "random
nodeid", at least as far as obfs4 is concerned (The fact that it
coincidentally happens to be the bridge fingerprint has no effect on
the obfs4 protocol itself).

Regards,

-- 
Yawning Angel
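
The point of the reply above, as an added example that is not part of the original message or of obfs4's code: in ntor the node ID only enters the HMAC inputs as an opaque 20-byte string, so the handshake completes with a random ID exactly as it does with a fingerprint, as long as both sides hold the same value. The construction follows Tor's ntor specification as an assumption (the thread does not spell it out); `Handshake`, `derive`, `h` and `must` are names made up here, and both IDs are constructed samples.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

const protoID = "ntor-curve25519-sha256-1" // PROTOID from Tor's ntor spec, not from this thread

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// h is ntor's H(x, t) per the spec (assumed here): HMAC-SHA256 keyed with PROTOID plus a tweak.
func h(x []byte, tweak string) []byte {
	m := hmac.New(sha256.New, []byte(protoID+tweak))
	m.Write(x)
	return m.Sum(nil)
}

// derive returns (KEY_SEED, AUTH). nodeID is only hashed, never interpreted.
func derive(dh1, dh2, nodeID, B, X, Y []byte) (seed, auth []byte) {
	si := bytes.Join([][]byte{dh1, dh2, nodeID, B, X, Y, []byte(protoID)}, nil)
	ai := bytes.Join([][]byte{h(si, ":verify"), nodeID, B, Y, X, []byte(protoID + "Server")}, nil)
	return h(si, ":key_extract"), h(ai, ":mac")
}

// Handshake reports whether client and server agree on both AUTH and KEY_SEED.
func Handshake(clientID, serverID []byte) bool {
	gen := func() *ecdh.PrivateKey { return must(ecdh.X25519().GenerateKey(rand.Reader)) }
	b, x, y := gen(), gen(), gen() // server identity key, client and server ephemerals
	B, X, Y := b.PublicKey().Bytes(), x.PublicKey().Bytes(), y.PublicKey().Bytes()
	// Server: EXP(X,y) | EXP(X,b). Client: EXP(Y,x) | EXP(B,x).
	sSeed, sAuth := derive(must(y.ECDH(x.PublicKey())), must(b.ECDH(x.PublicKey())), serverID, B, X, Y)
	cSeed, cAuth := derive(must(x.ECDH(y.PublicKey())), must(x.ECDH(b.PublicKey())), clientID, B, X, Y)
	return hmac.Equal(sAuth, cAuth) && bytes.Equal(sSeed, cSeed)
}

func main() {
	fp, rnd := bytes.Repeat([]byte{0xAB}, 20), make([]byte, 20) // constructed fingerprint stand-in; random ID
	must(rand.Read(rnd))
	fmt.Println(Handshake(fp, fp), Handshake(rnd, rnd), Handshake(fp, rnd)) // true true false
}
```

The third call fails because the two sides hash different IDs, which is the only property the protocol asks of the value. Requires Go 1.20 or later for `crypto/ecdh`.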