On Wed, Sep 18, 2013 at 11:57 PM, Roger Dingledine <[email protected]> wrote: > Hi Nick, Ian, > > I've been pointing people to "Section 6 of > http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.228.6223"; when > they ask what NTor is. But then I realized that that's not the best > (single) place to send cryptographers when I ask them to analyze whether > we've designed or built it right. > > Then I found > https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/216-ntor-handshake.txt > which looks great > > but then I also found > https://gitweb.torproject.org/torspec.git/blob/HEAD:/tor-spec.txt#l852 > which looks crisper. > > So the questions: > > A) Which combination and order of these three resources should I point > people at? That is, does the tor-spec stanza replace proposal 216 > completely, or is there still some use to looking at the proposal too, > or is the proposal wrong now because you fixed stuff since then but > didn't change the proposal, etc? Did I miss any good resources?
I would suggest that people who want to review the thing should really review all of those. If I recall correctly, the tor-spec stanza is a complete replacement for proposal 216, but proposal 216 might explain things better in some places. I'd also suggest reading the code in src/or/onion_ntor.c, which is written pretty cleanly (he bragged). The reason I suggest looking at all of these is that --while an attack on the implementation would of course be worst -- I would accept an attack against *any* of those writeups as a good attack that we should know about. Moreover, I think that looking at the differences between those writeups, and for differences between the final spec and the implementation, would be something very much worth doing. > B) What are the sketchiest parts -- the parts of the design or the > implementation that you most want review on, or that you think would be > most fruitful for finding issues? > > C) What else should I be asking you, in terms of how to get this thing > reviewed the mostest and the bestest? We rolled out NTor quicker than we > rolled out TAP, relatively speaking, and now it would count as breaking a > widely deployed system so I bet we can get some more people evaluating it. I think Ian et al would have a better handle on these issues than I. -- Nick _______________________________________________ tor-dev mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
