author | Nick Mathewson <nickm@torproject.org> | 2015-06-02 11:59:06 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2015-06-02 11:59:06 -0400 |
commit | 7bca621cca1ab11f2e550f20e3fe60adec4034ef (patch) | |
tree | 0c769dc5368be77b3bbb0d2abf2189cc487b8090 /proposals/244-use-rfc5705-for-tls-binding.txt | |
parent | 0ebd5db019e32229f2f4afed4b4871501cac0084 (diff) | |
Whoops; actually add proposal 244.
Diffstat (limited to 'proposals/244-use-rfc5705-for-tls-binding.txt')
-rw-r--r-- | proposals/244-use-rfc5705-for-tls-binding.txt | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/proposals/244-use-rfc5705-for-tls-binding.txt b/proposals/244-use-rfc5705-for-tls-binding.txt new file mode 100644 index 0000000..66b8e09 --- /dev/null +++ b/proposals/244-use-rfc5705-for-tls-binding.txt @@ -0,0 +1,41 @@ +Filename: 244-use-rfc5705-for-tls-binding.txt +Title: Use RFC5705 Key Exporting in our AUTHENTICATE calls +Author: Nick Mathewson +Created: 2015-05-14 +Status: Draft + +1. Proposal + + We use AUTHENTICATE cells to bind the connection-initiator's Tor + identity to a TLS session. Our current type of authentication + ("RSA-SHA256-TLSSecret", see tor-spec.txt section 4.4) does this by + signing a document that includes an HMAC of client_random and + server_random, using the TLS master secret as a secret key. + + There is a more standard way to get at this information, by using the + facility defined in RFC5705. Further, it is likely to continue to + work with more TLS libraries, including TLS libraries like OpenSSL 1.1 + that make master secrets and session data opaque. + + I propose that we introduce a new authentication type, with AuthType + and TYPE field to be determined, that works the same as our current + "RSA-SHA256-TLSSecret" authentication, except for these fields: + + TYPE is a different constant string. + + TLSSECRETS is replaced by the output of the Exporter function in + RFC5705, using as its inputs: + * The label string "EXPORTER FOR TOR TLS CLIENT BINDING " + TYPE + * The context value equal to the client's identity key digest. + * The length 32. + + I propose that proposal 224's section on authenticating with ed25519 + keys be amended accordingly: + + TYPE is a different constant string, different from the one above. + + TLSSECRETS is replaced by the output of the Exporter function in + RFC5705, using as its inputs: + * The label string "EXPORTER FOR TOR TLS CLIENT BINDING " + TYPE + * The context value equal to the client's Ed25519 identity key + * The length 32. |
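Review bot: In the first (RSA) field list, the context value is given as "the client's identity key digest" without naming the digest function. Two implementations that hash the identity key differently would derive different exporter outputs and fail to authenticate each other, so the text should name the hash and its output length explicitly, as the Ed25519 list does by using the key itself. The label definition `"EXPORTER FOR TOR TLS CLIENT BINDING " + TYPE` should also state that the trailing space is part of the label and that TYPE is appended as raw bytes with no terminator, since the label is an input to the exporter and must match byte for byte on both sides. A smaller wording point: the opening paragraph speaks of the "connection-initiator's" identity while both field lists say "client's"; using one term throughout avoids any doubt about which party's key goes into the context when the initiator is itself a relay.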