[tor-dev] Proposal 176: Proposed version-3 link handshake for Tor
Nick Mathewson
nickm at alum.mit.edu
Tue Sep 27 14:36:14 UTC 2011
On Wed, Sep 21, 2011 at 1:58 PM, Nick Mathewson <nickm at alum.mit.edu> wrote:
I'm thinking of a few more tweaks to this proposal, based on implementation.
Here's one:
> I think on reflection that we should change the TLSSECRETS field from
> optional to required in all AUTHENTICATE cells. Only relays need to
> send it, after all.
Doing this makes us more secure, at the expense of making it a little
harder for now to write a relay using an inflexible TLS library that
you can't change.
Another change: Previously I had said that every server (including
relays and bridges) should send an AUTH_CHALLENGE cell to say "I'd
like authentication". In fact, that should only apply to relays:
There is never a point in authenticating to a bridge, right?
Similarly, bridges should only authenticate to their clients, not to
the relays that they're extending to.
So here, I think, are the right behaviors for the possible
interactions in the v3 protocol now:
Client connects to bridge:
C->B: VERSIONS
B->C: VERSIONS, CERT, NETINFO
C->B: NETINFO
Client or bridge connects to relay:
C->R: VERSIONS
R->C: VERSIONS, CERT, AUTH_CHALLENGE, NETINFO
C->R: NETINFO
Relay connects to relay:
R1->R2: VERSIONS
R2->R1: VERSIONS, CERT, AUTH_CHALLENGE, NETINFO
R1->R2: CERT, AUTHENTICATE, NETINFO
--
Nick
More information about the tor-dev
mailing list