On Fri, Nov 4, 2011 at 4:10 PM, Robert Ransom rransom.8774@gmail.com wrote:
On 2011-11-04, George Kadianakis desnacked@gmail.com wrote:
Filename: 189-authorize-cell.txt Title: AUTHORIZE and AUTHORIZED cells Author: George Kadianakis Created: 04 Nov 2011 Status: Open
- Overview
Proposal 187 introduced the concept of the AUTHORIZE cell, a cell whose purpose is to make Tor bridges resistant to scanning attacks.
This is achieved by having the bridge and the client share a secret out-of-band and then use AUTHORIZE cells to validate that the client indeed knows that secret before proceeding with the Tor protocol.
This proposal specifies the format of the AUTHORIZE cell and also introduces the AUTHORIZED cell, a way for bridges to announce to clients that the authorization process is complete and successful.
- Motivation
AUTHORIZE cells should be able to perform a variety of authorization protocols based on a variety of shared secrets. This forces the AUTHORIZE cell to have a dynamic format based on the authorization method used.
AUTHORIZED cells are used by bridges to signal the end of a successful bridge client authorization and the beginning of the actual link handshake. AUTHORIZED cells have no other use and for this reason their format is very simple.
Both AUTHORIZE and AUTHORIZED cells are to be used under censorship conditions and they should look innocuous to any adversary capable of monitoring network traffic.
I wrote the following in my reply to proposal 190, but it probably belongs here instead:
| An adversary who MITMs the TLS connection and receives a Tor AUTHORIZE | cell will know that the client is trying to connect to a Tor bridge. | | Should the client send a string of the form "GET | /?q=correct+horse+battery+staple\r\n\r\n" instead of an AUTHORIZE | cell, where "correct+horse+battery+staple" is a semi-plausible search | phrase derived from the HMAC in some way?
Seems to me at that point we are hosed anyway. If you see correct+horse+battery+staple and the response is garbled data, not an HTTP response, its probably something unusual. Bridge descriptors should include enough information for Tor to ensure that the TLS connection is safe. If we are protecting against passive scanning then we just need to make it look like a webserver. One good way of doing that: ask people who have webservers to run bridges, and have Tor simply pass any confused HTTP requests to the actual webserver. (These shouldn't be popular sites) Sincerely, Watson Ladd