[tor-bugs] #988 [Tor Relay]: Different TLS certs for incoming vs outgoing

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Mon Oct 4 17:03:17 UTC 2010


#988: Different TLS certs for incoming vs outgoing
--------------------------+-------------------------------------------------
 Reporter:  arma          |         Type:  enhancement
   Status:  needs_review  |     Priority:  minor      
Milestone:  post 0.2.1.x  |    Component:  Tor Relay  
  Version:  0.2.0.34      |   Resolution:  None       
 Keywords:                |       Parent:             
--------------------------+-------------------------------------------------
Changes (by nickm):

  * status:  new => needs_review


Old description:

> We should learn to present different TLS certs for incoming connections
> vs outgoing connections.
>
> The motivating example is bridges. They want to show the same identity
> to people who connect, yet behave like clients when they connect to other
> relays (e.g. change keys when they change IP addresses).
>
> (Of course, this change would provide a new way to test for bridges: if a
> Tor connects to you, connect back and see if the cert is different. But at
> least that's an active test that requires the bridge to connect to you
> first. But then, the attack I describe above only kicks in when the bridge
> connects to you. Hm.)
>
> [Automatically added by flyspray2trac: Operating System: All]

New description:

 We should learn to present different TLS certs for incoming connections
 vs outgoing connections.

 The motivating example is bridges. They want to show the same identity
 to people who connect, yet behave like clients when they connect to other
 relays (e.g. change keys when they change IP addresses).

 (Of course, this change would provide a new way to test for bridges: if a
 Tor connects to you, connect back and see if the cert is different. But at
 least that's an active test that requires the bridge to connect to you
 first. But then, the attack I describe above only kicks in when the bridge
 connects to you. Hm.)

 [Automatically added by flyspray2trac: Operating System: All]

--

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/988#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

