TLS for the link handshakes/encryption
Roger Dingledine
arma at mit.edu
Tue Sep  2 09:40:11 UTC 2003

On Tue, Sep 02, 2003 at 01:51:20AM -0400, Roger Dingledine wrote:
> I think we should definitely look into tls for the OR link-level
Based on looking at the Chainsaw [1] CVS and docs, it seems ZKS was
very excited about Oakley key exchange [2], and also about Photuris,
which has since been finalized into RFC 2522 and 2523.
Part of the benefit here is they have cookies built into the protocol
to keep adversaries from hammering the servers. ("Alice sends 128 zeros
and the server does an RSA decrypt" is a bad DoS issue.)
They seem to be designed for UDP (I'm not sure if that means they're
less suitable/impressive for TCP).
The great thing about standards is that there are so many to choose from.
Anybody have opinions about these?
--Roger
[1] http://cvs.shmoo.com/view/projects/freedom-server/prototypes/chainsaw/
[2] http://www.ietf.org/rfc/rfc2412.txt
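The anti-clogging cookie idea from Photuris/Oakley that the mail refers to, as an added illustration (not code from the thread or from Tor): the responder answers the first message with a stateless HMAC cookie and only does its expensive public-key work once the initiator echoes that cookie back from the claimed address. Names, addresses and the `b"keyexchange-ok"` stand-in for the real RSA/DH step are constructed for the demo.

```python
import hashlib
import hmac
import os
import secrets


class Responder:
    """Stateless cookie check in front of an expensive key exchange (constructed demo)."""

    def __init__(self):
        self._secret = os.urandom(32)  # rotated periodically in a real deployment
        self.expensive_ops = 0         # counts how often the costly RSA/DH step ran

    def _cookie_for(self, src_addr: str, initiator_cookie: bytes) -> bytes:
        # Stateless: the cookie is an HMAC over the claimed source address and the
        # initiator's cookie, so the responder stores nothing per request.
        msg = src_addr.encode() + initiator_cookie
        return hmac.new(self._secret, msg, hashlib.sha256).digest()[:16]

    def cookie_request(self, src_addr: str, initiator_cookie: bytes) -> bytes:
        # Cheap first round trip: one HMAC and a small reply, no allocation kept.
        return self._cookie_for(src_addr, initiator_cookie)

    def exchange_request(self, src_addr: str, initiator_cookie: bytes,
                         responder_cookie: bytes):
        expected = self._cookie_for(src_addr, initiator_cookie)
        if not hmac.compare_digest(expected, responder_cookie):
            return None  # dropped before any public-key operation
        self.expensive_ops += 1
        return b"keyexchange-ok"  # stand-in for the real RSA/DH exchange


def honest_initiator(r: Responder, addr: str = "10.0.0.5:500"):
    # A reachable peer completes both rounds: request a cookie, then echo it.
    ic = secrets.token_bytes(16)
    rc = r.cookie_request(addr, ic)
    return r.exchange_request(addr, ic, rc)


def blind_requests(r: Responder, n: int) -> int:
    # Requests from sources that never received a cookie reply (the "128 zeros"
    # case from the mail) cannot present a valid cookie and cost only an HMAC.
    rejected = 0
    for i in range(n):
        if r.exchange_request(f"192.0.2.{i % 256}:500", b"\0" * 16, b"\0" * 16) is None:
            rejected += 1
    return rejected
```

A cookie obtained for one address does not validate from another, so relaying someone else's cookie fails the same cheap check.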