commit 7bca621cca1ab11f2e550f20e3fe60adec4034ef Author: Nick Mathewson nickm@torproject.org Date: Tue Jun 2 11:59:06 2015 -0400
Whoops; actually add proposal 244. --- proposals/244-use-rfc5705-for-tls-binding.txt | 41 +++++++++++++++++++++++++ 1 file changed, 41 insertions(+)
diff --git a/proposals/244-use-rfc5705-for-tls-binding.txt b/proposals/244-use-rfc5705-for-tls-binding.txt new file mode 100644 index 0000000..66b8e09 --- /dev/null +++ b/proposals/244-use-rfc5705-for-tls-binding.txt @@ -0,0 +1,41 @@ +Filename: 244-use-rfc5705-for-tls-binding.txt +Title: Use RFC5705 Key Exporting in our AUTHENTICATE calls +Author: Nick Mathewson +Created: 2015-05-14 +Status: Draft + +1. Proposal + + We use AUTHENTICATE cells to bind the connection-initiator's Tor + identity to a TLS session. Our current type of authentication + ("RSA-SHA256-TLSSecret", see tor-spec.txt section 4.4) does this by + signing a document that includes an HMAC of client_random and + server_random, using the TLS master secret as a secret key. + + There is a more standard way to get at this information, by using the + facility defined in RFC5705. Further, it is likely to continue to + work with more TLS libraries, including TLS libraries like OpenSSL 1.1 + that make master secrets and session data opaque. + + I propose that we introduce a new authentication type, with AuthType + and TYPE field to be determined, that works the same as our current + "RSA-SHA256-TLSSecret" authentication, except for these fields: + + TYPE is a different constant string. + + TLSSECRETS is replaced by the output of the Exporter function in + RFC5705, using as its inputs: + * The label string "EXPORTER FOR TOR TLS CLIENT BINDING " + TYPE + * The context value equal to the client's identity key digest. + * The length 32. + + I propose that proposal 224's section on authenticating with ed25519 + keys be amended accordingly: + + TYPE is a different constant string, different from the one above. + + TLSSECRETS is replaced by the output of the Exporter function in + RFC5705, using as its inputs: + * The label string "EXPORTER FOR TOR TLS CLIENT BINDING " + TYPE + * The context value equal to the client's Ed25519 identity key + * The length 32.