[tor-bugs] #9499 [BridgeDB]: BridgeDB should hand out identity fingerprints
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Aug 16 17:11:17 UTC 2013
#9499: BridgeDB should hand out identity fingerprints
-----------------------+----------------------------------------------------
Reporter: mikeperry | Owner:
Type: defect | Status: new
Priority: normal | Milestone:
Component: BridgeDB | Version:
Keywords: path-bias | Parent:
Points: | Actualpoints:
-----------------------+----------------------------------------------------
Once we deprecate Vidalia fully and switch to Tor Launcher, nothing should
be in the way of handing out identity hex keys for bridges. Well, nothing
except #9445 (which, if it comes down to it, I can fix quickly myself).
It is important to hand out these fingerprints because it mitigates path
bias/route capture attacks. Without the identity fingerprint, a firewall
could potentially MITM the bridge connection for purposes of unwrapping
TLS, in order to see the Tor cell headers and bitstomp/tag cells to
control circuit destinations and deanonymize users. We have detectors for
these attacks in place, but they can't be enforced yet because of the
highly variable rate of CPU overload/circuit failure on the network. Other
solutions to bitstomping (like wide-block ciphers) will also mitigate
these attacks, but they are a long ways off.
With the identity fingerprint, the TLS links will be authenticated (our
TLS connections use the identity key to sign a short-lived TLS link key).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9499>