[tor-commits] [torspec/master] Whoops; actually add proposal 244.

nickm at torproject.org nickm at torproject.org
Tue Jun 2 16:00:06 UTC 2015 

commit 7bca621cca1ab11f2e550f20e3fe60adec4034ef
Author: Nick Mathewson <nickm at torproject.org>
Date:   Tue Jun 2 11:59:06 2015 -0400

    Whoops; actually add proposal 244.
---
 proposals/244-use-rfc5705-for-tls-binding.txt |   41 +++++++++++++++++++++++++
 1 file changed, 41 insertions(+)

diff --git a/proposals/244-use-rfc5705-for-tls-binding.txt b/proposals/244-use-rfc5705-for-tls-binding.txt
new file mode 100644
index 0000000..66b8e09
--- /dev/null
+++ b/proposals/244-use-rfc5705-for-tls-binding.txt
@@ -0,0 +1,41 @@
+Filename: 244-use-rfc5705-for-tls-binding.txt
+Title: Use RFC5705 Key Exporting in our AUTHENTICATE calls
+Author: Nick Mathewson
+Created: 2015-05-14
+Status: Draft
+
+1. Proposal
+
+  We use AUTHENTICATE cells to bind the connection-initiator's Tor
+  identity to a TLS session.  Our current type of authentication
+  ("RSA-SHA256-TLSSecret", see tor-spec.txt section 4.4) does this by
+  signing a document that includes an HMAC of client_random and
+  server_random, using the TLS master secret as a secret key.
+
+  There is a more standard way to get at this information, by using the
+  facility defined in RFC5705.  Further, it is likely to continue to
+  work with more TLS libraries, including TLS libraries like OpenSSL 1.1
+  that make master secrets and session data opaque.
+
+  I propose that we introduce a new authentication type, with AuthType
+  and TYPE field to be determined, that works the same as our current
+  "RSA-SHA256-TLSSecret" authentication, except for these fields:
+
+    TYPE is a different constant string.
+
+    TLSSECRETS is replaced by the output of the Exporter function in
+    RFC5705, using as its inputs:
+        * The label string "EXPORTER FOR TOR TLS CLIENT BINDING " + TYPE
+        * The context value equal to the client's identity key digest.
+        * The length 32.
+
+  I propose that proposal 224's section on authenticating with ed25519
+  keys be amended accordingly:
+
+    TYPE is a different constant string, different from the one above.
+
+    TLSSECRETS is replaced by the output of the Exporter function in
+    RFC5705, using as its inputs:
+        * The label string "EXPORTER FOR TOR TLS CLIENT BINDING " + TYPE
+        * The context value equal to the client's Ed25519 identity key
+        * The length 32.

More information about the tor-commits mailing list