Opened 12 years ago

Last modified 8 years ago

#860 closed defect (Fixed)

Tor-spec does not specify how clients should manage identity certificates

Reported by: Freed Owned by:
Priority: Low Milestone:
Component: Core Tor/Tor Version:
Severity: Keywords:
Cc: Freed, nickm Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


Tor-spec requires two certificates from each part when negotiating a TLS session, one using a temporary key,
and one using the identity key of each part. This is fine when one OR connects to another, but when a client/OP
connects to its initial OR, it should reveal as little as possible about itself. The client might of course be
tracked by IP by the first OR, but having a long term identity key will make it even less anonymous. For example,
the client might be connecting from a large NAT network, or through another anonymization service.

The specification should either specify how often clients are supposed to change their identity keys (use a new one
for each connection?), or explicitly allow clients to connect using only one certificate (any issues with this,
making it easier to tell client-OR connections from OR-OR connections?).

[Automatically added by flyspray2trac: Operating System: All]

Child Tickets

Change History (3)

comment:1 Changed 12 years ago by nickm

Clarified in r17568, which also adds an 098-todo.txt entry to try to make this behavior better.

comment:2 Changed 12 years ago by nickm

flyspray2trac: bug closed.

comment:3 Changed 8 years ago by nickm

Component: Tor ClientTor
Note: See TracTickets for help on using tickets.