<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On 26 February 2016 at 14:53, shadow <span dir="ltr"><<a href="mailto:shadow@systemli.org" target="_blank">shadow@systemli.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">Thanks for this brief explanation,<br>
<br>
so the main goal of SSL addresses the problem of impersonation.<br></blockquote><div><br></div><div>Actually, from my perspective, to focus on a "main goal" (rather than a primary benefit) and then question it, doesn't really seem to make sense.</div><div><br></div><div>You say "(kind of broken) SSL system" - any yes, there are many criticisms that can be laid at SSL's feet, and many flaws; but when you're building a secure system it's a matter of synthesis - it's a bit like cooking, you add the ingredients which make sense for what you want to achieve.</div><div><br></div><div>And re: point 4, for instance, when you have many megabytes of code which expect to be dealing with HTTPS Secure Cookies, perhaps *that* is more important to you than point 1; or perhaps point 5 is.</div><div><br></div><div>But let me put that argument to one side for the moment, and address your question as-stated: </div><div><br></div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">Isn't there an easier way to implement that somehow in the Tor code,<br>
than to rely on the (kind of broken) SSL system? But that would only<br>
address point 1), 2), 3) and 6</blockquote><div><br></div><div> The answer to that is "maybe"; there's an informative comparison here to be made with IPsec Authentication Headers*, commonly known as "AH"; it provides an authentication framework but leaves you (again) to bootstrap your notion of "identity"; you have to work out your own preferred solution for host identity and validation.</div><div><br></div><div>Also: in the traditional internet we're used to the idea of "1 IP Address => 1+ Websites"; you can run a bunch of different websites with different domain names on a single machine with a single IP address, but in that model IPsec fails** because it authenticates *IP addresses* rather than DNS domain names. </div><div><br></div><div>In Tor we traverse almost all boundaries between ISO Layer 3 and 7 - the Layer-3-alike Onion address provides AH-like authentication but is as visible to the user as a Layer 6? (7?) DNS domain names; and it's arguable that Onion site HSDirs are their own version of Layer-2 ARP, likewise. Tor is basically a separate networking stack to TCP/IP, and should maybe be treated as one - but this raises the question: "What <element of the network stack> are you trying to authenticate/validate, in some proposed SSL-replacement?"</div></div><div><br></div><div>And that is a question, the answer to which should be up to the implementer:</div><div><br></div><div>- People who want to use Tor like a VPN/IPSec Replacement may put trust in Onions to assure the endpoint they are connecting to.</div><div><br></div><div>- People who want to use Tor as a SSL Replacement can amend their browser to treat onionsites as equivalents to HTTPS; but then they have to change all the other software in the world to bring it into line / know that "onion == SSL" else the sites will misbehave; but practically this is unlikely to happen.</div><div><br></div><div>Thus the status quo: treat Tor like a TCP circuit in a different address space, and permit people to put whatever they want over it. Including SSL, if they wish. Or an alternative, if they wish to innovate.</div><div><br></div><div> -a</div><div><br></div><div><br></div><div><br></div><div>* <a href="http://www.tcpipguide.com/free/t_IPSecAuthenticationHeaderAH.htm">http://www.tcpipguide.com/free/t_IPSecAuthenticationHeaderAH.htm</a></div><div><br></div><div>** Aside: with the emergence of IP6 we now have enough space again for "1 IP Address === 1 Website", so maybe it's time elsewhere for an IPsec reboot?</div><div><br></div>-- <br><div class="gmail_signature"><a href="http://dropsafe.crypticide.com/aboutalecm" target="_blank">http://dropsafe.crypticide.com/aboutalecm</a><br></div>
</div></div>