[tor-bugs] #5968 [Tor]: Improve onion key and TLS management (was: Improve onion key management)

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Apr 10 00:02:28 UTC 2013


#5968: Improve onion key and TLS management
-------------------------+--------------------------------------------------
 Reporter:  mikeperry    |          Owner:                    
     Type:  enhancement  |         Status:  new               
 Priority:  major        |      Milestone:  Tor: 0.2.5.x-final
Component:  Tor          |        Version:                    
 Keywords:  tor-relay    |         Parent:  #5456             
   Points:               |   Actualpoints:                    
-------------------------+--------------------------------------------------
Changes (by mikeperry):

  * milestone:  Tor: unspecified => Tor: 0.2.5.x-final


Comment:

 What if we put a hash of the TLS cert we're using in the current
 microdescriptor? Clients could then check that hash during/after TLS
 handshake, and simply close+log any mismatches. It seems like we can check
 the hash after establishment without issue, so long as it is done before
 we try to use the connection for circuits.

 Then, so long as relays verify that what they attempt to publish is what
 gets signed by the authorities in the consensus, we should have
 effectively removed the ability for identity key theft to allow TLS
 compromise without the additional theft of the consensus keys.

 I am putting this to 0.2.5.x because it seems simple enough, and would be
 a huge improvement if we can authenticate TLS in this way. If no one else
 is going to take it, I suppose I could try.

 Would we be opposed to placing this hash in the microdescriptor? Is there
 a better place for it that clients can still somehow see/use?

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5968#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
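
The check proposed in the comment above, as an added sketch that is not part of the original ticket or of Tor's code: the client compares the certificate seen on the TLS connection with the hash carried in the signed microdescriptor, and refuses to attach circuits until that comparison has passed. SHA-256, the hex encoding, and the class, method and variable names are assumptions made for illustration; the certificate bytes are constructed sample data.

```python
import hashlib
import hmac
import logging

log = logging.getLogger("tls_pin_example")

# Constructed stand-ins for DER-encoded certificates (not real certificates).
RELAY_CERT = b"constructed relay TLS certificate bytes"
OTHER_CERT = b"constructed certificate presented by someone else"


def cert_digest(cert_der: bytes) -> str:
    """Hex SHA-256 of the certificate bytes (the hash choice is an assumption)."""
    return hashlib.sha256(cert_der).hexdigest()


class RelayConnection:
    """Hypothetical client-side connection that gates circuits on the cert check."""

    def __init__(self, relay_name: str, pinned_digest: str):
        self.relay_name = relay_name
        self.pinned_digest = pinned_digest.lower()  # from the signed microdescriptor
        self.state = "handshaking"
        self.circuits = []

    def on_handshake_complete(self, peer_cert_der: bytes) -> bool:
        """Run after TLS is established, before any circuit uses the connection."""
        seen = cert_digest(peer_cert_der)
        if hmac.compare_digest(seen, self.pinned_digest):
            self.state = "verified"
            return True
        # Mismatch: close and log, as the comment proposes.
        log.warning("TLS cert mismatch for %s: expected %s, saw %s",
                    self.relay_name, self.pinned_digest, seen)
        self.state = "closed"
        return False

    def attach_circuit(self, circ_id: int) -> int:
        """Refuse circuits on any connection whose certificate was not verified."""
        if self.state != "verified":
            raise ConnectionError(f"connection to {self.relay_name} is {self.state}")
        self.circuits.append(circ_id)
        return len(self.circuits)
```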

