[tor-bugs] #5460 [Tor Client]: Write proposal(s) to evaluate circuit crypto authentication
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Fri Mar 23 20:19:49 UTC 2012
#5460: Write proposal(s) to evaluate circuit crypto authentication
------------------------+---------------------------------------------------
 Reporter:  mikeperry   |          Owner:
     Type:  defect      |         Status:  new
 Priority:  major       |      Milestone:
Component:  Tor Client  |        Version:
 Keywords:              |         Parent:  #5456
   Points:              |   Actualpoints:
------------------------+---------------------------------------------------
We need to write a proposal to determine the best way to provide
authentication to our circuit crypto, so that cells that have been
tagged/tampered with/duplicated cause circuit failure at the 2nd hop, not
the third.

As I understand it, there are two competing possibilities:

 1. Self-authenticating crypto (BEAR/LION/LIONESS, others?)
 2. Per-hop MAC

The main disadvantage of 1 is that it's likely slow and not very many
people use it. The disadvantage of 2 is that it requires us to disclose
path length count and position to nodes, as well as have MACs that either
grow with increased path length, or become less secure with increased path
length.

There are probably other issues. I believe the current plan is to produce
both options in one or more proposals and compare and contrast them.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5460>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
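
The per-hop MAC option from the ticket, sketched as an added example that is not part of the original ticket or of Tor's code: a three-hop circuit is modelled with and without a truncated MAC per hop, to show where a cell modified after the first hop fails the circuit and how the MAC bytes grow with path length. The toy SHA-256 counter-mode cipher, the 4-byte tag length, the constructed keys and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac

TAG = 4  # bytes of truncated MAC per hop (value assumed for this demo)

def make_hops(n):
    # Constructed per-hop (cipher key, MAC key) pairs; real keys come from circuit handshakes.
    return [(hashlib.sha256(b"enc%d" % i).digest(),
             hashlib.sha256(b"mac%d" % i).digest()) for i in range(n)]

def xor_stream(key, data):
    # Toy stream cipher (SHA-256 in counter mode): malleable, like any XOR stream cipher.
    ks = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()[:TAG]

def client_wrap(hops, payload, per_hop_mac):
    # End-to-end digest that only the last hop can check, then one layer per hop.
    cell = payload + mac(hops[-1][1], payload)
    for enc_key, mac_key in reversed(hops):
        cell = xor_stream(enc_key, cell)
        if per_hop_mac:
            cell += mac(mac_key, cell)  # every hop adds TAG bytes to the cell
    return cell

def relay(hops, cell, per_hop_mac, tamper_after=None):
    # Returns the 1-based hop that fails the circuit, or 0 if the cell arrives intact.
    for pos, (enc_key, mac_key) in enumerate(hops, start=1):
        if per_hop_mac:
            body, tag = cell[:-TAG], cell[-TAG:]
            if not hmac.compare_digest(tag, mac(mac_key, body)):
                return pos
            cell = body
        cell = xor_stream(enc_key, cell)
        if tamper_after == pos:  # this hop modifies the cell before forwarding
            cell = bytes([cell[0] ^ 0x01]) + cell[1:]
    payload, digest = cell[:-TAG], cell[-TAG:]
    return 0 if hmac.compare_digest(digest, mac(hops[-1][1], payload)) else len(hops)

def overhead(n, per_hop_mac, payload=b"x" * 64):
    # Bytes added to the payload for an n-hop circuit.
    return len(client_wrap(make_hops(n), payload, per_hop_mac)) - len(payload)
```

Holding the total MAC budget fixed instead of letting it grow means dividing it by the number of hops, which is the "less secure with increased path length" side of the trade-off.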