04.03.2014 03:45, Nick Mathewson:
- We should revisit proposals to have Tor server <-> server communication use the v1 link protocol again. (That's the one where both sides present a certificate chain in their TLS handshake. We moved away from it because of protocol fingerprinting issues, before we'd hit upon pluggable transports as a better means for protocol obfuscation.) Due to our messed-up use of ciphersuites for signalling, we will have some tricky times designing this compatibly with existing Tors. But it might be our best long-term option if we can make it work. (IIRC Robert Ransom was advocating this.)
Hello Nick,
thank you for the education. :)
Since this is somewhat "important" for the list, it is sent to it.
You say both presented a "certificate chain". For me this is what SSL/TLS provides with
CA certificate -> Sub CA certificate -> website certificate.
Did Tor have a similar implementation where there was an actual chain of certificates?
I am (and was) aware of not enabling some ciphers/cipher-suites in the server-hello to look not too different, as well as disabling some in the client-hello to look like Firefox connecting to Apache.
Best Regards, Sebastian G. (bastik)