<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
<pre>Nick Mathewson wrote:</pre>
<blockquote cite="mid20061017154926.GB3924@totoro.wangafu.net"
type="cite">
<pre wrap="">On Tue, Oct 17, 2006 at 01:07:46PM +0300, Andrei Gurtov wrote:
</pre>
<blockquote type="cite">
<pre wrap="">-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Folks,
I'm not sure if or-talk would have been a better place for this
question,
</pre>
</blockquote>
<pre wrap=""><!---->
Nope; or-dev is the right place for design.
</pre>
<blockquote type="cite">
<pre wrap="">but have you considered using Host Identity Protocol (HIP) in
the Tor implementation?
</pre>
</blockquote>
<pre wrap=""><!---->
HIP looks like neat stuff, especially in its mobility features, but it
doesn't seem very mature. Generally, we'd like to avoid being early
adopters of whiz-bang new features on the internet, since it's hard to
say in advance how popular they will turn out to be.
</pre>
</blockquote>
<blockquote cite="mid20061017154926.GB3924@totoro.wangafu.net"
type="cite">
<blockquote type="cite">
<pre wrap=""> If I understood right, currently Tor uses TLS
encryption that leaves some protocol headers feasible.
</pre>
</blockquote>
<pre wrap=""><!---->
Tor uses TLS for link encryption, not for end-to-end encryption.
Relevant protocol headers (like the target port and IP) are indeed
encrypted. I don't personally see a lot of point in encrypting the
port of the next OR to which you're talking.
If you'd like to know how Tor's encryption works in detail, you should
read tor-spec.txt , available at
<a class="moz-txt-link-freetext" href="http://tor.eff.org/svn/trunk/doc/tor-spec.txt">http://tor.eff.org/svn/trunk/doc/tor-spec.txt</a>
</pre>
<blockquote type="cite">
<pre wrap="">HIP combines IPsec with DoS-resistant key exchange protocol (see
RFC4423). If Tor would use it, then all transport-related info like port
numbers would be hidden by ESP. It would also allow mobile and
multihomed Tor servers. Clients could authenticate Tor servers (so that
faked servers could not be inserted) and servers would be more protected
against state-exhausting DoS attacks. HIP would also allow to use
arbitrary transport protocols like UDP or SCTP instead of only TCP.
</pre>
</blockquote>
</blockquote>
<pre>Problem: ESP uses raw IP packets. A lot of secure computers ban non root users from using
raw sockets as they are useful in interesting ways. Also most OS implementations of ESP require
root access to set it up. So we will be using our own implementation of ESP, which might not be
compatible with third-party servers made to take advantage of hardware cryptography.
</pre>
<blockquote cite="mid20061017154926.GB3924@totoro.wangafu.net"
type="cite">
<pre wrap=""><!---->
The mobility and DoS-prevention features of HIP look neat; servers are
already authenticated in the current protocol.
Adding UDP support would be a major win, but it wouldn't be so simple
as just switching to HIP; see the FAQ question about UDP support.
yrs,
</pre>
</blockquote>
<pre>Sincerely,
Watson Ladd
</pre>
<pre class="moz-signature" cols="72">--
They who would give up an essential liberty for temporary security,
deserve neither liberty or security
--Benjamin Franklin</pre>
</body>
</html>