[tor-bugs] #6088 [Tor]: Gather data about possible transition to 2048bit RSA/DHE

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Jun 19 14:26:53 UTC 2014


#6088: Gather data about possible transition to 2048bit RSA/DHE
-------------------------+-------------------------------------------------
     Reporter:  ioerror  |      Owner:  ioerror
         Type:           |     Status:  new
  enhancement            |  Milestone:  Tor: 0.2.6.x-final
     Priority:  normal   |    Version:  Tor: unspecified
    Component:  Tor      |   Keywords:  tor-relay needs-analysis needs-
   Resolution:           |  proposal 026-triaged-1
Actual Points:           |  Parent ID:
       Points:           |
-------------------------+-------------------------------------------------
Changes (by nickm):

 * keywords:  tor-relay needs-analysis needs-proposal => tor-relay needs-
     analysis needs-proposal 026-triaged-1


Comment:

 I think all that is left here is switching from 1024-bit RSA link keys to
 2048-bit RSA link keys.  According to some surveys, 2048-bit link keys are
 already in a majority for websites, so this won't be a huge deal.

 P256 ECDHE is fairly common in the wild, but 2048-bit DHE is quite rare.

 I did some quick experiments to tell whether changing to better
 certificates would break compatibility.  It appears that 0.2.2 and later
 all work just fine with 2048-bit link keys.

 It's possible, however, that we want to want to do more here.  It's pretty
 unusual to have a 2048-bit certificate that's signed by a 1024-bit key.
 So when we send out our link certificate for TLS, we want to have a dummy
 2048-bit key sign it -- and we want to present a real identity-key-signed
 link cert when we do our CERTS cells.

 I've verified that doing *that* works just fine with 0.2.3 and later, and
 hacked up a chutney network to the point where it kinda just works with
 the v2  handshake.  I think I have the v1 handshake working too, but I
 haven't tested it.

 (I don't know whether we care very much about v2 and v1, or whether we're
 deprecating them... but at least, using 2048-bit link keys signed by
 2048-bit temporary keys won't force us to deprecate them.)

 My hacks are in a branch "ticket6088_hax".  They need more work to get
 applied.  There's not much point applying them without also doing proposal
 220.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6088#comment:15>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list