[tor-bugs] #3972 [Tor Relay]: Implement proposal 179: TLS certificate and handshake normalization
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Thu Sep 29 00:59:18 UTC 2011
#3972: Implement proposal 179: TLS certificate and handshake normalization
--------------------------+-------------------------------------------------
 Reporter:  ioerror       |          Owner:
     Type:  defect        |         Status:  new
 Priority:  major         |      Milestone:  Tor: 0.2.3.x-final
Component:  Tor Relay     |        Version:  Tor: unspecified
 Keywords:  needs_review  |         Parent:
   Points:                |   Actualpoints:
--------------------------+-------------------------------------------------

Comment(by nickm):
As previously discussed: s/rakshasa/something else/

As you mention above: let's NOT do the "internet widgets", Some-State, AU
business. Those might be common values, but we've no evidence that
they're common enough that a censor wouldn't block them.

all functions need documentation

non-constant Identifiers start with a lower-case letter

Does DH_generate_parameters really require DH_check afterwards?

Why not use the default number of prime checks?

Can we store our DH prime to disk, so we don't need to regenerate it every
time we start up?

2048-bit RSA, but 1024 bit DH? Why?

The start-time fuzzing makes me a little twitchy; we should document that
magic 18.

When we _do_ generate a certificate chain, we should retain the ability to
have the DN of the issuer of signed certificate match the DN of the
identity cert.

We should see if we can do what we _really_ want here, and present cert A
during the initial handshake, then present cert B and cert C during the
renegotiation, where A can be anything with the right key.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3972#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online