[tor-bugs] #7139 [Tor]: Tor involuntarily sets TLS session tickets
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Thu Oct 18 13:16:11 UTC 2012
#7139: Tor involuntarily sets TLS session tickets
-----------------------------------+----------------------------------------
    Reporter:  nextgens            |       Type:  defect
      Status:  needs_review        |   Priority:  major
   Milestone:  Tor: 0.2.2.x-final  |  Component:  Tor
     Version:                      |   Keywords:  tor-relay ssl tls security pfs
      Parent:                      |     Points:
Actualpoints:                      |
-----------------------------------+----------------------------------------
Comment(by nickm):
Hm. So, I buy the "more attack surface than necessary" argument as a
reason to put it in 0.2.3 and later, but I don't think the swapping
argument necessarily holds water.
If we're worried about the key material getting used to encrypt tickets
getting swapped out to disk, we also need to worry about the session key
material getting swapped out, surely. If you're swapping and your swap
isn't encrypted, I don't think you get PFS guarantees.
I could be missing something crucial there--am I?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7139#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online