On Wed, Mar 5, 2014 at 1:36 PM, Sebastian G. <bastik.tor@googlemail.com> wrote:
04.03.2014 03:45, Nick Mathewson:
- We should revisit proposals to have Tor server <-> server communication use the v1 link protocol again. (That's the one where both sides present a certificate chain in their TLS handshake. We moved away from it because of protocol fingerprinting issues, before we'd hit upon pluggable transports as a better means for protocol obfuscation.) Due to our messed-up use of ciphersuites for signalling, we will have some tricky times designing this compatibly with existing Tors. But it might be our best long-term option if we can make it work. (IIRC Robert Ransom was advocating this.)
Hello Nick,
thank you for the education. :)
Since this is somewhat "important" for the list it is sent to it.
You say both presented a "certificate chain". For me this is what SSL/TLS provides with
CA certificate -> Sub CA certificate -> website certificate.
Did Tor have a similar implementation where there was an actual chain of certificates?
Yes; have a look at the "v1 link handshake" as described in tor-spec.txt. The certificate chain doesn't involve a CA, but rather it was:
Identity certificate -> Short-term link certificate
The advantage to having multiple layers of keys is:
 * It provides another layer of forward secrecy by periodic discarding of private keys used for actual communication.
 * It makes it easier to keep identity keys offline to mitigate the effects of key compromise. (That's not fully possible in current Tor designs, because a Tor node needs its identity key to sign descriptors periodically. But see proposal 220 for a way to get into a position where we can support this.)
yrs,
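
The two-layer chain described in this reply (identity certificate -> short-term link certificate), as an added example that is not part of the original message, not Tor's code, and not the v1 handshake's wire format. It assumes X.509 with ECDSA P-256 from the Go standard library, a verifier that already knows the peer's identity public key, and a 2-hour link lifetime; `must`, `newKey`, `issue` and `verifyChain` are hypothetical names.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
func newKey() *ecdsa.PrivateKey { return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) } // P-256: example's choice

// issue certifies subj's public key with signer's key; parent == nil yields the self-signed identity cert.
func issue(life time.Duration, parent *x509.Certificate, subj, signer *ecdsa.PrivateKey) *x509.Certificate {
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), NotBefore: time.Now().Add(-time.Minute),
		NotAfter: time.Now().Add(life), IsCA: parent == nil, BasicConstraintsValid: true}
	if parent == nil {
		parent = t
	}
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, t, parent, &subj.PublicKey, signer))))
}

// verifyChain accepts link only if the pinned identity key signed it and `at` is inside its lifetime.
func verifyChain(id, link *x509.Certificate, pinned *ecdsa.PublicKey, at time.Time) error {
	if !pinned.Equal(id.PublicKey) {
		return fmt.Errorf("identity cert does not carry the pinned identity key")
	}
	if err := link.CheckSignatureFrom(id); err != nil {
		return fmt.Errorf("link cert not signed by identity key: %w", err)
	}
	if at.Before(link.NotBefore) || at.After(link.NotAfter) {
		return fmt.Errorf("link cert outside its validity window")
	}
	return nil
}

func main() {
	idKey := newKey() // long-term identity key
	id := issue(365*24*time.Hour, nil, idKey, idKey)
	link := issue(2*time.Hour, id, newKey(), idKey) // short-term link key, discarded on rotation
	fmt.Println("verify:", verifyChain(id, link, &idKey.PublicKey, time.Now()))
}
```

Rotating the link key means calling `issue` again with a fresh key: the pinned identity key stays the same, and a certificate for the discarded link key stops verifying once its window closes.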