[tor-bugs] #988 [Tor Relay]: Different TLS certs for incoming vs outgoing
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Mon Oct 4 17:03:17 UTC 2010
#988: Different TLS certs for incoming vs outgoing
--------------------------+-------------------------------------------------
Reporter: arma | Type: enhancement
Status: needs_review | Priority: minor
Milestone: post 0.2.1.x | Component: Tor Relay
Version: 0.2.0.34 | Resolution: None
Keywords: | Parent:
--------------------------+-------------------------------------------------
Changes (by nickm):
* status: new => needs_review
Old description:
> We should learn to present different TLS certs for incoming connections
> vs outgoing connections.
>
> The motivating example is bridges. They want to show the same identity
> to people who connect, yet behave like clients when they connect to other
> relays (e.g. change keys when they change IP addresses).
>
> (Of course, this change would provide a new way to test for bridges: if a
> Tor connects to you, connect back and see if the cert is different. But at
> least that's an active test that requires the bridge to connect to you
> first. But then, the attack I describe above only kicks in when the bridge
> connects to you. Hm.)
>
> [Automatically added by flyspray2trac: Operating System: All]
New description:
We should learn to present different TLS certs for incoming connections
vs outgoing connections.

The motivating example is bridges. They want to show the same identity
to people who connect, yet behave like clients when they connect to other
relays (e.g. change keys when they change IP addresses).

(Of course, this change would provide a new way to test for bridges: if a
Tor connects to you, connect back and see if the cert is different. But at
least that's an active test that requires the bridge to connect to you
first. But then, the attack I describe above only kicks in when the bridge
connects to you. Hm.)

[Automatically added by flyspray2trac: Operating System: All]
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/988#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online