On Wed, Mar 5, 2014 at 1:36 PM, Sebastian G. <bastik.tor> <[email protected]> wrote:
> 04.03.2014 03:45, Nick Mathewson:
>> 5. We should revisit proposals to have Tor server <-> server
>> communication use the v1 link protocol again. (That's the one where
>> both sides present a certificate chain in their TLS handshake. We
>> moved away from it because of protocol fingerprinting issues, before
>> we'd hit upon pluggable transports as a better means for protocol
>> obfuscation.) Due to our messed-up use of ciphersuites for
>> signalling, we will have some tricky times designing this compatibly
>> with existing Tors. But it might be our best long-term option if we
>> can make it work. (IIRC Robert Ransom was advocating this.)
>
> Hello Nick,
>
> thank you for the education. :)
>
> Since this is somewhat "important" for the list it is sent to it.
>
> You say both presented a "certificate chain". For me this is what
> SSL/TLS provides with
>
> CA certificate -> Sub CA certificate -> website certificate.
>
> Did Tor have a similar implementation where there was an actual chain of
> certificates?
>
Yes; have a look at the "v1 link handshake" as described in
tor-spec.txt. The certificate chain doesn't involve a CA, but rather
it was:

   Identity certificate -> Short-term link certificate

The advantage to having multiple layers of keys is:

  * It provides another layer of forward secrecy by periodic
    discarding of private keys used for actual communication.
  * It makes it easier to keep identity keys offline to mitigate the
    effects of key compromise. (That's not fully possible in current
    Tor designs, because a Tor node needs its identity key to sign
    descriptors periodically. But see proposal 220 for a way to get
    into a position where we can support this.)

yrs,
--
Nick
_______________________________________________
tor-dev mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
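The two-layer chain described in the reply above (identity key -> short-term link key), as an added example that is not part of the original message and is not Tor's code. It assumes Ed25519 signatures and a constructed certificate layout in place of the certificates carried in the TLS handshake; `LinkCert`, `IssueLinkCert` and `VerifyChain` are hypothetical names.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// LinkCert binds a short-term link key to an identity key (constructed layout, not Tor's).
type LinkCert struct {
	LinkPub ed25519.PublicKey
	Expires int64  // Unix seconds; covered by the signature
	Sig     []byte // identity key's signature over signedBody()
}

func (c LinkCert) signedBody() []byte {
	var exp [8]byte
	binary.BigEndian.PutUint64(exp[:], uint64(c.Expires))
	return append(append([]byte("link-cert-v0:"), c.LinkPub...), exp[:]...)
}

// IssueLinkCert is the only operation that needs the identity private key.
func IssueLinkCert(idPriv ed25519.PrivateKey, linkPub ed25519.PublicKey, expires time.Time) LinkCert {
	c := LinkCert{LinkPub: linkPub, Expires: expires.Unix()}
	c.Sig = ed25519.Sign(idPriv, c.signedBody())
	return c
}

// VerifyChain walks identity key -> link certificate and rejects expired certs.
func VerifyChain(idPub ed25519.PublicKey, c LinkCert, now time.Time) error {
	if len(c.LinkPub) != ed25519.PublicKeySize || !ed25519.Verify(idPub, c.signedBody(), c.Sig) {
		return errors.New("link certificate not signed by this identity key")
	}
	if now.Unix() >= c.Expires {
		return errors.New("link certificate expired")
	}
	return nil
}

func main() {
	idPub, idPriv, _ := ed25519.GenerateKey(nil)
	linkPub, _, _ := ed25519.GenerateKey(nil) // its private half is what gets discarded on rotation
	now := time.Now()
	cert := IssueLinkCert(idPriv, linkPub, now.Add(2*time.Hour))
	fmt.Println("fresh:", VerifyChain(idPub, cert, now))
	fmt.Println("after expiry:", VerifyChain(idPub, cert, now.Add(3*time.Hour)))
}
```

Because peers only ever check signatures against the identity public key, the link key can be replaced on every expiry without changing the relay's identity.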
