On 20 Feb 2016, at 16:28, Xiaofan Li <xli2@andrew.cmu.edu> wrote:

Here is a question that we have about security: 
Since QUIC comes with a transport layer security, we are worried that this feature is conflicting with TOR's application layer security. By "conflicting", I don't mean the QUIC will sabotage TOR's security, but it might be doing redundant work, such as encrypting twice unnecessarily (once for QUIC's TLS and once for TOR). So, we are exploring the possibility of turning off this feature in QUIC. What do you think of this problem? Are we on the right track? 

Onion Routing is designed to have multiple layers of encryption.

And the double-encryption of TLS then Tor (whether over TCP or QUIC) is beneficial because it guarantees the integrity and authenticity of the whole connection. And it provides defence-in-depth against intrusion attempts.

You might have to redo some of Tor's security proofs if you want to disable the outermost encryption layer. At the very least, you'll have to justify changing from TCP and TLS to QUIC without TLS, which is harder than TCP and TLS to QUIC and TLS.

Why not leave it on?

Tim

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP 968F094B

teor at blah dot im
OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F