[tor-bugs] #6383 [Flashproxy]: Email registration helper

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Thu Sep 20 18:14:12 UTC 2012


#6383: Email registration helper
------------------------+---------------------------------------------------
 Reporter:  dcf         |          Owner:  dcf         
     Type:  project     |         Status:  needs_review
 Priority:  normal      |      Milestone:              
Component:  Flashproxy  |        Version:              
 Keywords:              |         Parent:              
   Points:              |   Actualpoints:              
------------------------+---------------------------------------------------
Changes (by dcf):

  * status:  new => needs_review
  * type:  defect => project


Comment:

 I have this implemented in a branch. I would appreciate review of the
 crypto aspects and the overall idea. I have the system running now.

 The program {{{flashproxy-reg-email}}} makes a registration message like
 "client=1.2.3.4:9001" and encrypts it with a public key whose private
 counterpart is held by the facilitator. It connects to Gmail's incoming
 SMTP server over TLS, and sends an email message containing the encrypted
 message to a distinguished gmail.com address whose password is known by
 the facilitator. The program {{{facilitator-email-poller}}}, running on
 the facilitator, makes an IMAP connection over TLS to the distinguished
 account, and checks every 60 seconds for new mail. For every message, it
 decrypts the body, passes the client registration to the facilitator, and
 deletes the message.

 You can test the registration program like this:
 {{{
 $ ./flashproxy-reg-email :7000
 Registered "XXX.XXX.XXX.XXX:7000" with hoddwee at gmail.com.
 }}}
 If port 7000 (or whatever port you choose) is able to receive TCP
 connections, you should get a connection from a flash proxy within about
 60 seconds.

 Source code:
 * https://gitweb.torproject.org/user/dcf/flashproxy.git/blob/email:/flashproxy-reg-email
 * https://gitweb.torproject.org/user/dcf/flashproxy.git/blob/email:/facilitator/facilitator-email-poller

 Documentation:
 * https://gitweb.torproject.org/user/dcf/flashproxy.git/blob/email:/doc/gmail-setup.txt
 * https://gitweb.torproject.org/user/dcf/flashproxy.git/blob/email:/doc/facilitator-howto.txt

 I call your attention to:
 * [https://gitweb.torproject.org/user/dcf/flashproxy.git/blob/8b405f90d5f8905ea08794dbf569f1bc8faf5b3c:/flashproxy-reg-email#l31 A hardcoded CA cert] for SMTP and IMAP TLS.
 * Pinned public keys ([https://gitweb.torproject.org/user/dcf/flashproxy.git/blob/8b405f90d5f8905ea08794dbf569f1bc8faf5b3c:/flashproxy-reg-email#l59 SMTP], [https://gitweb.torproject.org/user/dcf/flashproxy.git/blob/ba80dd5eab18f2d0270066d1e6f992d7cd927f79:/facilitator/facilitator-email-poller#l57 IMAP]) to avoid TLS MITM.
 * A [https://gitweb.torproject.org/user/dcf/flashproxy.git/blob/8b405f90d5f8905ea08794dbf569f1bc8faf5b3c:/flashproxy-reg-email#l22 distinguished email address]; what happens if we lose access? Should there be more than one?
 * [https://gitweb.torproject.org/user/dcf/flashproxy.git/blob/8b405f90d5f8905ea08794dbf569f1bc8faf5b3c:/flashproxy-reg-email#l245 RSA encryption] with {{{pkcs1_oaep_padding}}}.
 * An attempt to [https://gitweb.torproject.org/user/dcf/flashproxy.git/blob/8b405f90d5f8905ea08794dbf569f1bc8faf5b3c:/flashproxy-reg-email#l206 force Python smtplib to verify certificates], is it enough?
 * An attempt to [https://gitweb.torproject.org/user/dcf/flashproxy.git/blob/ba80dd5eab18f2d0270066d1e6f992d7cd927f79:/facilitator/facilitator-email-poller#l87 force Python imaplib to verify certificates], is it enough?
 * [https://gitweb.torproject.org/user/dcf/flashproxy.git/blob/8b405f90d5f8905ea08794dbf569f1bc8faf5b3c:/flashproxy-reg-email#l15 Use of the M2Crypto library], unfortunately not part of a standard Python installation, used for public key pinning and email message encryption.
 * Storage of the facilitator [https://gitweb.torproject.org/user/dcf/flashproxy.git/blob/ba80dd5eab18f2d0270066d1e6f992d7cd927f79:/facilitator/facilitator-email-poller#l184 private key] and [https://gitweb.torproject.org/user/dcf/flashproxy.git/blob/ba80dd5eab18f2d0270066d1e6f992d7cd927f79:/facilitator/facilitator-email-poller#l164 email password] in the filesystem.

 The reason for encrypting the registration messages, even inside of
 encrypted SMTP and IMAP, is to prevent Google from being able to read a
 historical record of client IP addresses, and to protect them from an
 attacker who may gain access to the Gmail account. Client registrations
 are not terribly secret (they are what we give to flash proxies after all,
 and Google can of course record the IP addresses of SMTP connections), but
 it is better to be cautious. The M2Crypto library needed for this
 encryption is also used for the public key pinning.

 The encrypted registration emails look like this:
 {{{
 To: hoddwee at gmail.com
 From: nobody at localhost
 Subject: client reg a412f8de63

 q1lAw3jGmemeuI0kUGTYJZZcjx+EXbRzil42L8SabXH8NljPA8+/JtR+eJCO1cXdj2JLhtaJ23by
 YvjJG2qrA1pmyp6P+gcTdLQRlQmkkaCYAfakbh/h7vliH6YEr30G7WtTT2BW7IAhSc8gLNMwiTsN
 fh4R3qsE7rOD3VABE4lVZHTkoMA0TP/WQgzVxpu5Bk8tvo9qEKbH2flwjtLq3vX631PjDjexIM7t
 9A/5n7eol2gVffK4rxB/1OQ/ZBTkOwvO/bzEYzo5YmMEgAU6e/prVP412srz9TSAUBnSWuNql2X9
 ol0D2jf0Aw/XP7qi1ropSwU1IDDR+y/4YkehTQ==
 }}}

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6383#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
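
The certificate-verification and public-key-pinning steps listed in the comment above, written for current Python with only the standard library. This is an added example, not code from the flashproxy branch (which uses M2Crypto); the function names, the `ca_pem` and `pins` parameters, and the choice of a SHA-256 hash of the SubjectPublicKeyInfo as the pin format are assumptions.

```python
import hashlib
import hmac
import smtplib
import ssl

def _tlv(buf, pos):
    """Read one DER element; return (tag, content start, element end)."""
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    n = first & 0x7F if first & 0x80 else 0   # long form: n length bytes follow
    length = int.from_bytes(buf[pos:pos + n], "big") if n else first
    if first == 0x80 or pos + n + length > len(buf):
        raise ValueError("bad DER length")
    return tag, pos + n, pos + n + length

def spki_sha256(cert_der):
    """Hex SHA-256 of the SubjectPublicKeyInfo in a DER X.509 certificate."""
    _, pos, _ = _tlv(cert_der, 0)             # Certificate
    _, pos, tbs_end = _tlv(cert_der, pos)     # tbsCertificate
    tag, _, end = _tlv(cert_der, pos)
    if tag == 0xA0:                           # optional [0] version
        pos = end
    for _field in range(5):   # serialNumber, signature, issuer, validity, subject
        pos = _tlv(cert_der, pos)[2]
    tag, _, end = _tlv(cert_der, pos)
    if tag != 0x30 or end > tbs_end:
        raise ValueError("SubjectPublicKeyInfo not found")
    return hashlib.sha256(cert_der[pos:end]).hexdigest()

def pin_ok(cert_der, pins):
    """True only if the certificate's public key hash equals a pinned value."""
    try:
        digest = spki_sha256(cert_der)
    except (ValueError, IndexError):
        return False                          # unparseable certificate: fail closed
    return any(hmac.compare_digest(digest, p) for p in pins)

def starttls_pinned(host, port, ca_pem, pins):
    """SMTP with STARTTLS: verify chain and hostname, then enforce the pin."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + check_hostname
    ctx.load_verify_locations(cadata=ca_pem)       # trust only the hardcoded CA
    smtp = smtplib.SMTP(host, port, timeout=30)
    smtp.starttls(context=ctx)
    if not pin_ok(smtp.sock.getpeercert(binary_form=True), pins):
        smtp.close()
        raise ssl.SSLError("server public key matches no pin")
    return smtp
```

The same context and `pin_ok` check apply on the poller side by passing the context to `imaplib.IMAP4_SSL(host, ssl_context=ctx)` and reading the peer certificate from the connection's `sock`.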

