[tor-bugs] #4570 [Tor Bridge]: Implement certificate start time fuzzing and serial number covert channel (part of proposal 179)

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Fri Nov 25 01:11:41 UTC 2011


#4570: Implement certificate start time fuzzing and serial number covert channel
(part of proposal 179)
------------------------+---------------------------------------------------
 Reporter:  asn         |          Owner:       
     Type:  defect      |         Status:  new  
 Priority:  normal      |      Milestone:       
Component:  Tor Bridge  |        Version:       
 Keywords:              |         Parent:  #3972
   Points:              |   Actualpoints:       
------------------------+---------------------------------------------------
 This ticket is for tracking the implementation of certificate start time
 fuzzing and serial number covert channel.

 Jake implemented both of these in his prop179 branch.

 wrt the serial number thing, if we decide to allow users to input their
 own TLS certificates, the serial number covert channel will get polluted. I
 think it's time to think if we really need '''this''' covert channel, or
 if we care that we will get false positives with user-specific
 certificates.

 For link protocol version negotiation, we have the VERSIONS cell. We might
 '''need''' a covert channel '''on''' the SSL handshake, if we need to
 negotiate the link protocol version before the Tor protocol. In which
 cases do we need such a '''visible''' covert channel?

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4570>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

