| field | value |
|---|---|
| author | Roger Dingledine <arma@torproject.org>, 2012-08-13 16:11:46 -0400 |
| committer | Roger Dingledine <arma@torproject.org>, 2012-08-13 16:11:46 -0400 |
| commit | 5ce6cbbb5f6b2e9f40ccecea0029c82e3fdea61c (patch) |
| tree | 8e0d0a50405372a46c569ec45a541be063b9270a /proposals/191-mitm-bridge-detection-resistance.txt |
| parent | 79b1f8f47e7f47f7b9a2603a5aeead53404a1480 (diff) |
| download | torspec-5ce6cbbb5f6b2e9f40ccecea0029c82e3fdea61c.tar.gz, torspec-5ce6cbbb5f6b2e9f40ccecea0029c82e3fdea61c.zip |
trivial fixes from earlier readings
Diffstat (limited to 'proposals/191-mitm-bridge-detection-resistance.txt')

| mode | file | lines |
|---|---|---|
| -rw-r--r-- | proposals/191-mitm-bridge-detection-resistance.txt | 14 |

1 files changed, 7 insertions, 7 deletions
diff --git a/proposals/191-mitm-bridge-detection-resistance.txt b/proposals/191-mitm-bridge-detection-resistance.txt index 013d76c..5e9848e 100644 --- a/proposals/191-mitm-bridge-detection-resistance.txt +++ b/proposals/191-mitm-bridge-detection-resistance.txt @@ -14,7 +14,7 @@ Status: Open proposals is that of an adversary capable of performing Man In The Middle attacks to Tor clients. At the moment, Tor clients using the v3 link protocol have no way to detect such an MITM attack, and - will gladly send an VERSIONS or an AUTHORIZE cell to the MITMed + will gladly send a VERSIONS or AUTHORIZE cell to the MITMed connection, thereby revealing the Tor protocol and thus the bridge. This proposal introduces a way for clients to detect an MITMed SSL @@ -27,8 +27,8 @@ Status: Open certificate and the client blindly accepting it. This allows the adversary to perform an MITM attack. - A Tor client must detect the MITM attack before he initializes the - Tor protocol by sending a VERSIONS or an AUTHORIZE cell. A good + A Tor client must detect the MITM attack before he initiates the + Tor protocol by sending a VERSIONS or AUTHORIZE cell. A good moment to detect such an MITM attack is during the SSL handshake. To achieve that, bridge operators provide their bridge users with a 
@@ -46,13 +46,13 @@ Status: Open 3. Security implications Bridge clients who have pinned a bridge to a certificate - fingerprint will be able to detect an MITMing adversary in timely - fashion. If after detection they act as an innocuous Internet + fingerprint will be able to detect an MITMing adversary in time. + If after detection they act as an innocuous Internet client, they can successfully remove suspicion from the SSL connection and subvert bridge detection. Pinning a certificate fingerprint and detecting an MITMing attacker - does not automatically aleviate suspicions from the bridge or the + does not automatically alleviate suspicions from the bridge or the client. Clients must have a behavior to follow after detecting the MITM attack so that they look like innocent Netizens. This proposal does not try to specify such a behavior. @@ -76,7 +76,7 @@ Status: Open Tor bridge implementations SHOULD provide a command line option that exports a fully equipped Bridge line containing the bridge - address and port, the link certificate fingerprint and any other + address and port, the link certificate fingerprint, and any other enabled Bridge options, so that bridge operators can easily send it to their users. |
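Review bot: in the second hunk (@@ -27,8) the reworded sentence still refers to the Tor client as "he" ("before he initiates the Tor protocol"); the client is software, and the surrounding lines otherwise speak of "Tor clients", "bridge users" and "Clients", so "it" fits better. Suggest: "A Tor client must detect the MITM attack before it initiates the Tor protocol by sending a VERSIONS or AUTHORIZE cell."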
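Review bot: in the third hunk (@@ -46,13) "in time" is vaguer than the phrase it replaces; the first hunk states what the deadline actually is, namely detecting the MITM before the client sends a VERSIONS or AUTHORIZE cell and reveals the Tor protocol. Suggest saying so directly, e.g. "will be able to detect an MITMing adversary before revealing the Tor protocol." The "aleviate" to "alleviate" correction in the same hunk is right.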