[tor-dev] Proposal 228: Cross-certifying identity keys with onion keys

Sebastian G. <bastik.tor> bastik.tor at googlemail.com
Sat Mar 1 13:22:12 UTC 2014


25.02.2014 17:22, Nick Mathewson:
>  You _could_ do something weird in the TAP protocol where you .

do something I don't tell you. ;)

(I saw that this one was caught already)

It should be something like this, in case anyone wonders.

>   (You _could_ do something weird in the TAP protocol where you
>    receive an onionskin that you can't process, relay it to the
>    party who can process it, and receive a valid reply that you
>    could send back to the user.  But this makes you a less effective
>    man-in-the-middle than you would be if you had just generated
>    your own onion key.  The ntor protocol shuts down this
>    possibility by including the router identity in the material to
>    be hashed, so that you can't complete an ntor handshake unless
>    the client agrees with you about what identity goes with your
>    ntor onion key.)

But I think there is another one.

> 4. Performance impact
> 
>    Routers do not generate new descriptors frequently enough for
>    them to need to

worry about performance for this matter. (?)

Or was it something else?

Regards,
Sebastian (bastik)
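
The identity binding described in the quoted ntor paragraph, as an added example that is not part of this message, the proposal, or Tor's code. It is a simplified sketch: a toy modular Diffie-Hellman group stands in for curve25519, and the hash layout, the label `toy-ntor-verify` and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group standing in for curve25519 (illustration only, not secure).
P = 2**255 - 19
G = 2

def keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def enc(n):
    return n.to_bytes(32, "big")

def auth_tag(dh_eph, dh_onion, identity, B, X, Y):
    # The router identity is part of the hashed material, as the quoted text says.
    material = enc(dh_eph) + enc(dh_onion) + identity + enc(B) + enc(X) + enc(Y)
    return hmac.new(b"toy-ntor-verify", material, hashlib.sha256).digest()

def server_reply(identity, b, B, X):
    # The router answers with a fresh ephemeral key and a tag over its OWN identity.
    y, Y = keypair()
    return Y, auth_tag(pow(X, y, P), pow(X, b, P), identity, B, X, Y)

def client_accepts(believed_identity, B, x, X, Y, tag):
    # The client recomputes the tag with the identity it believes owns onion key B.
    expected = auth_tag(pow(Y, x, P), pow(B, x, P), believed_identity, B, X, Y)
    return hmac.compare_digest(expected, tag)

def demo():
    b, B = keypair()  # honest router's onion key pair
    honest_id = hashlib.sha1(b"constructed honest identity key").digest()
    claimed_id = hashlib.sha1(b"constructed other identity key").digest()
    x, X = keypair()  # client's ephemeral key pair
    Y, tag = server_reply(honest_id, b, B, X)
    ok_honest = client_accepts(honest_id, B, x, X, Y, tag)
    # A descriptor pairs onion key B with a different identity and the handshake
    # is relayed to the honest router: the reply no longer verifies.
    ok_relayed = client_accepts(claimed_id, B, x, X, Y, tag)
    return ok_honest, ok_relayed

if __name__ == "__main__":
    print(demo())
```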


