On Wed, Oct 5, 2016 at 4:09 PM, Philipp Winter phw@nymity.ch wrote:
Also, Tor Browser MUST abort the ERP procedure if the HTTPS certificate is not signed by a trusted authority.
This is a problem for independent sites that choose not to pay the CA cabal, deal with what free CA will be around tomorrow, or run their own certs. And needs bypassed if users pin the site cert fingerprint in browser.
Tor Browser MUST fetch and interpret the policy
Big problem for any sort of debugging, observatory, geo selection, estimated risk of compromised exit, or simply refusal by the user. Must be disableable in browser config.
The "fingerprint" element points to the hex-encoded, uppercase, 40-digit fingerprint of an exit relay, e.g., 9B94CD0B7B8057EAF21BA7F023B7A1C8CA9CE645.
This should be lower case... https://trac.torproject.org/projects/tor/ticket/12799
The "signature" element points to an Ed25519 signature, uppercase and hex-encoded.
Ditto.
"start-policy" and "end-policy" are both constants and meant to prevent an adversary from serving a client only a partial list of pins.
This is https so it's unlikely and a bit moot, yet assuming it was plaintext, the set couldn't be asserted anyways without sig from site cert or from dnssec or even pgp.
The purpose of exit relay pinning is to protect a website's users from malicious exit relays.
Better the site run an onion to offer cover all users of all web tools, not just tbb, eliminate chance of compromised exit, and eliminate the ISP / GPA clearnet gap. And though not as sneaky a way to get more relays deployed, they can then still volunteer to run or pay for some.
If Tor Browser would attempt to fetch the ERP policy over n circuits
Perhaps costly / noisy without prebuilt circuits.
within a narrow time interval, suggesting that all these connections disadvantage of this defence is that it can take a while until Tor
if max-age < (interval or determination) then bad.
we could have Tor Browser *ask* the web server
Great for advertising demand for tor in logs. Great for blocking tor.
host their exit relays topologically close to the content servers, to mitigate the threat of network-level adversaries.
Moot given the implied traffic analyzing PA's.
other:
(Minor point) Those are hexes, not digits. :)
[0-9A-F] are the complete set of *digits* making up base-16 "hex[adecimal]" *number* system, as are [0-7] base-8 "octal", [a-z] base-26, [whatever-chars] base-whatever. Some RFC's even refer to them as digits, 4291 IPv6 for example. They're more properly called "symbols representing values", spoken as digits, by aliens in their base [world].
some sort of versioning, or specified the cryptosystem, etc.
Speaking of RFC, ERP may be an idea, but who are the guinea pig supporting sponsor sites, and who's doing the RFC, and prepared to pin this thing for years?
You could put the sites in the relay descriptors for client choice, but they'd still need crosschecked with site sigs, and could bloat consensus more.
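
An added example, not part of this thread or of the ERP proposal: a client-side format check for a pin policy that accepts fingerprints in either case, requires the start-policy/end-policy markers, and rejects a max-age shorter than the refetch interval. The JSON layout, the "relays" and "max-age" keys, and the names `parse_erp_policy` and `refetch_interval` are assumptions; the Ed25519 signatures are only checked for length here, not verified.

```python
import json
import re

FPR_RE = re.compile(r"[0-9A-Fa-f]{40}")   # relay fingerprint: 20 bytes as hex
SIG_RE = re.compile(r"[0-9A-Fa-f]{128}")  # Ed25519 signature: 64 bytes as hex


def parse_erp_policy(text, refetch_interval):
    """Return the pinned fingerprints (uppercased) or raise ValueError.

    Assumed layout, not taken from the proposal: a JSON object whose first key
    is "start-policy" and last key is "end-policy", with "max-age" in seconds
    and "relays" as a list of {"fingerprint": ..., "signature": ...} objects.
    """
    try:
        policy = json.loads(text)
    except json.JSONDecodeError as exc:
        raise ValueError(f"policy is not valid JSON: {exc}") from None
    if not isinstance(policy, dict) or not policy:
        raise ValueError("policy must be a non-empty JSON object")
    keys = list(policy)  # json.loads keeps the document's key order
    if keys[0] != "start-policy" or keys[-1] != "end-policy":
        raise ValueError("start-policy/end-policy marker missing: partial list?")
    max_age = policy.get("max-age")
    if type(max_age) is not int or max_age < refetch_interval:
        raise ValueError("max-age is shorter than the refetch interval")
    relays = policy.get("relays")
    if not isinstance(relays, list):
        raise ValueError("relays must be a list")
    pins = set()
    for entry in relays:
        fpr = entry.get("fingerprint") if isinstance(entry, dict) else None
        sig = entry.get("signature") if isinstance(entry, dict) else None
        if not isinstance(fpr, str) or not FPR_RE.fullmatch(fpr):
            raise ValueError(f"bad fingerprint: {fpr!r}")
        if not isinstance(sig, str) or not SIG_RE.fullmatch(sig):
            raise ValueError(f"bad signature for {fpr}")
        pins.add(fpr.upper())  # compare case-insensitively, store one form
    if not pins:
        raise ValueError("policy pins no relays")
    return pins


# Constructed sample: the fingerprint is the thread's example, the rest is made up.
FPR = "9B94CD0B7B8057EAF21BA7F023B7A1C8CA9CE645"
SAMPLE = json.dumps({
    "start-policy": 1, "max-age": 86400,
    "relays": [{"fingerprint": FPR.lower(), "signature": "ab" * 64},
               {"fingerprint": FPR, "signature": "AB" * 64}],
    "end-policy": 1,
})
```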