[tor-dev] Proposal 228: Cross-certifying identity keys with onion keys
Sebastian G. <bastik.tor>
bastik.tor at googlemail.com
Sat Mar 1 13:22:12 UTC 2014
25.02.2014 17:22, Nick Mathewson:
> You _could_ do something weird in the TAP protocol where you .
do something I don't tell you. ;)
(I saw that this one was caught already)
It should be something like this, in case anyone wonders.
> (You _could_ do something weird in the TAP protocol where you
> receive an onionskin that you can't process, relay it to the
> party who can process it, and receive a valid reply that you
> could send back to the user. But this makes you a less effective
> man-in-the-middle than you would be if you had just generated
> your own onion key. The ntor protocol shuts down this
> possibility by including the router identity in the material to
> be hashed, so that you can't complete an ntor handshake unless
> the client agrees with you about what identity goes with your
> ntor onion key.)
But I think there is another one.
> 4. Performance impact
>
> Routers do not generate new descriptors frequently enough for
> them to need to
worry about performance for this matter. (?)
Or was it something else?
Regards,
Sebastian (bastik)
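
The identity binding described in the quoted paragraph, as an added example that is not part of the original message or of Tor's own code. It is a simplified model, not the ntor specification: modular Diffie-Hellman stands in for curve25519, a single HMAC-SHA256 stands in for ntor's hashes, and all names and identity strings are constructed.

```python
import hashlib, hmac, secrets

# Toy Diffie-Hellman group standing in for curve25519 (assumption: illustration only).
P = 2**255 - 19
G = 2

def keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def enc(n):
    return n.to_bytes(32, "big")

def auth_tag(shared_xy, shared_xb, identity, B, X, Y, bind_identity):
    # With bind_identity the relay identity is part of the hashed material,
    # as the quoted paragraph says ntor does; without it only keys are hashed.
    material = enc(shared_xy) + enc(shared_xb) + enc(B) + enc(X) + enc(Y)
    if bind_identity:
        material += identity
    return hmac.new(b"toy-handshake", material, hashlib.sha256).digest()

class Relay:
    def __init__(self, identity):
        self.identity = identity      # constructed identity fingerprint
        self.b, self.B = keypair()    # onion key pair (private, public)

    def respond(self, X, bind_identity):
        y, Y = keypair()
        tag = auth_tag(pow(X, y, P), pow(X, self.b, P),
                       self.identity, self.B, X, Y, bind_identity)
        return Y, tag

def client_handshake(claimed_identity, claimed_B, responder, bind_identity):
    """True if the client accepts the reply for (claimed_identity, claimed_B)."""
    x, X = keypair()
    Y, tag = responder(X, bind_identity)
    expected = auth_tag(pow(Y, x, P), pow(claimed_B, x, P),
                        claimed_identity, claimed_B, X, Y, bind_identity)
    return hmac.compare_digest(tag, expected)

def demo():
    honest = Relay(b"ID-honest-relay")
    # A descriptor pairing a different identity with the honest relay's onion
    # key: the handshake can only be passed along to the key's real holder.
    other_identity = b"ID-other-relay"
    return {
        "honest_bound": client_handshake(honest.identity, honest.B, honest.respond, True),
        "forwarded_unbound": client_handshake(other_identity, honest.B, honest.respond, False),
        "forwarded_bound": client_handshake(other_identity, honest.B, honest.respond, True),
    }
```

With the identity left out of the hash the forwarded reply verifies; with it included, the client's check fails because the two sides disagree about which identity goes with the onion key.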