On Wed, Sep 18, 2013 at 11:57 PM, Roger Dingledine arma@mit.edu wrote:
Hi Nick, Ian,
I've been pointing people to "Section 6 of http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.228.6223" when they ask what NTor is. But then I realized that that's not the best (single) place to send cryptographers when I ask them to analyze whether we've designed or built it right.
Then I found https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/216-ntor-hand... which looks great
but then I also found https://gitweb.torproject.org/torspec.git/blob/HEAD:/tor-spec.txt#l852 which looks crisper.
So the questions:
A) Which combination and order of these three resources should I point people at? That is, does the tor-spec stanza replace proposal 216 completely, or is there still some use to looking at the proposal too, or is the proposal wrong now because you fixed stuff since then but didn't change the proposal, etc? Did I miss any good resources?
I would suggest that people who want to review the thing should really review all of those. If I recall correctly, the tor-spec stanza is a complete replacement for proposal 216, but proposal 216 might explain things better in some places. I'd also suggest reading the code in src/or/onion_ntor.c, which is written pretty cleanly (he bragged).
The reason I suggest looking at all of these is that --while an attack on the implementation would of course be worst -- I would accept an attack against *any* of those writeups as a good attack that we should know about. Moreover, I think that looking at the differences between those writeups, and for differences between the final spec and the implementation, would be something very much worth doing.
B) What are the sketchiest parts -- the parts of the design or the implementation that you most want review on, or that you think would be most fruitful for finding issues?
C) What else should I be asking you, in terms of how to get this thing reviewed the mostest and the bestest? We rolled out NTor quicker than we rolled out TAP, relatively speaking, and now it would count as breaking a widely deployed system so I bet we can get some more people evaluating it.
I think Ian et al would have a better handle on these issues than I.