Some draft notes on migrating Tor's ciphersuites

Nick Mathewson nickm at
Sun Dec 19 03:34:17 UTC 2010

On Sat, Dec 18, 2010 at 9:01 AM, Watson Ladd <watsonbladd at> wrote:
> When a client receives indication that its EXT_CREAT was not
> recognized it falls back on CREATE. ORs send back a packet that
> indicates if they do not recognize the SUITE and the client falls back
> to an earlier revision.

Actually, the fallback mechanism probably isn't even needed: remember,
the client has a descriptor for the servers that it wants to extend
from and to, so it knows which keys and ciphersuites the target server
supports, and which extend protocols the origin server supports.

You're right that it's important to limit partitioning opportunities
in any protocol revision; I tried to go over that in section 2, but we
shouldn't assume that I've said the last word on this.  We should
continue to look for ways to revise and improve whatever we come up
with to get the partitioning and other undesirable things down to a


More information about the tor-dev mailing list