[tor-bugs] #4570 [Tor Bridge]: Implement certificate serial number covert channel (part of proposal 179) (was: Implement certificate start time fuzzing and serial number covert channel (part of proposal 179))
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Fri Nov 25 04:31:46 UTC 2011
#4570: Implement certificate serial number covert channel (part of proposal 179)
------------------------+---------------------------------------------------
Reporter: asn | Owner:
Type: defect | Status: new
Priority: normal | Milestone:
Component: Tor Bridge | Version:
Keywords: | Parent: #3972
Points: | Actualpoints:
------------------------+---------------------------------------------------
Comment(by asn):
Replying to [comment:1 nickm]:
> Replying to [ticket:4570 asn]:
> > This ticket is for tracking the implementation of certificate start
time fuzzing and serial number covert channel.
>
> I'm not sure it makes sense to have both of these in one ticket; are
they actually related in some way I'm not getting?
>
It does not make sense. I'm restricting this to the serial number thing.
> > Jake implemented both of these in his prop179 branch.
> >
> > wrt the serial number thing, if we decide to allow users to input
their own TLS certificates, the serial number covert channel will get
poluted. I think it's time to think if we really need '''this''' covert
channel, or if we care that we will get false positives with user-specific
certificates.
>
> If we want to do this, we need to care about false positives, or else
it's useless. (If there are false positives, then we can't safely use the
hypothetical v4 link protocol whenever we see the hypothetical v4
indicator.)
>
We will always have false positives with this scheme, till all the
non-0.2.3.x relays disappear from the network.
> > For link protocol version negotiation, we have the VERSIONS cell. We
might '''need''' a covert channel '''on''' the SSL handshake, if we need
to negotiate the link protocol version before the Tor protocol. In which
cases do we need such a '''visible''' covert channel?
>
> The question isn't whether we need a visible one; it's whether we'll
ever need to do again what we've done with the v1->v2 and v2->v3 link
protocol transition, where the client learns which handshake it is before
the handshake is actually done, so that the client can act differently,
depending. I *think* that v3 should be flexible enough to last
indefinitely, but we should actually figure this out.
VERSIONS cells should be enough to negotiate future 'in-protocol' link
protocols.
A covert channel like the one described in 178 could find use:
a) If we needed to do our link protocol in the initial SSL handshake. But
we've grown old for that, no?
b) If we needed to negotiate the link protocol before the Tor protocol
hits the wire. This sounds like an anti-bridge-detection measure, but I
can't find any scenarios where such a '''visible''' covert channel would
help [0].
Can you describe a use case where VERSIONS wouldn't do it and this
serialNumber covert channel would help?
[0]: On the other hand, a covert channel based on a shared secret has some
uses. See 5.1: https://lists.torproject.org/pipermail/tor-
dev/2011-November/003070.html
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4570#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list