On Wed, Nov 2, 2011 at 12:45 PM, Robert Ransom rransom.8774@gmail.com wrote:
On 2011-11-02, Watson Ladd watsonbladd@gmail.com wrote:
Dear All, Rather than get further sucked into a debate that is producing more heat than light about Wegman-Carter, I've decided to make a concrete proposal for how Tor can better protect its streams from manipulation.
Your proposal is so detailed and concrete that I'm not even going to try to figure out what it means.
I'm going to suggest that we ought to isolate protocol discussions from primitives discussions here. The discussion of how to put together a good relay packet format using a stream cipher and a MAC (or a stream cipher with an authenticating mode of operation) ought to be separable from the discussion of which stream cipher/MAC/authenticating mode we use.
(If it isn't separable -- if the format relies on particular properties of a given primitive -- that strikes me as a point against the format.)
[...]
Right now Tor encrypts the streams of data from a client to an OR with AES-CTR and no integrity checks.
Bullshit. We have a 32-bit-per-cell integrity check at the ends of a circuit.
Let's keep this polite, please. "Not so" is a perfectly fine alternative to "bullshit," and is likelier to keep future conversations productive.
cheers,