| Commit message (Collapse) | Author | Age |
|---|
| ... | |
| | |_|/ /
|/| | |
| | | |
| | | |
| | | | |
- No point in using SHAKE *with* HKDF. Just use SHAKE.
- Use our KDF to do key expansion for rendezvous crypto.
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
Too complex and not sufficient gain. For full rationale, please see thread:
https://lists.torproject.org/pipermail/tor-dev/2016-March/010560.html
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
- Kill last remnants of TAP from the proposal.
- Replace SHA256 with SHA3-256 and our KDF with SHAKE.
- Make the INTRO_ESTABLISHED cell extensible.
- Improve the descriptor format a bit.
- Don't be ambiguous about "INTRODUCE" cells (pointed out by malekbr).
- Cleanup the scaling section.
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
|
| |/ / /
| | |
| | |
| | |
| | |
| | | |
Base64 holds 6 bits, not 5. Patch from twim.
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
|
| |\ \ \ |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
(Note that no corresponding tor change is needed, since we don't
actually use these keys yet.)
Resolves 17668.{S1,T1}
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| |/ / / |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | |
| | |
| | |
| | | |
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
After the following development meeting discussing this proposal:
http://meetbot.debian.net/tor-dev/2016/tor-dev.2016-02-04-13.28.html
These changes were sent to tor-dev@lists.torproject.org:
https://lists.torproject.org/pipermail/tor-dev/2016-February/010379.html
|
| | | |
| | |
| | |
| | | |
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
- Remove ed25519 keys completely. Use RSA keys for referencing.
- Replace SHA256 with SHA3-256 (Keccak).
- Specify better the format and contents of TIMESTAMP.
- Put TIMESTAMP in the front of COMMIT for symmetry with REVEAL.
- Use base64 not base32.
- Specify what happens when PREVIOUS_SRV is unknown.
- Remove some paragraphs that are no longer valid.
- Simplify consistent ordering in HASHED_REVEALS.
- Put algorithm name first on disk and commit.
|
| | | | |
|
| | |/
|/| |
|
| | | |
|
| | |
| |
| |
| |
| | |
Update the directory spec to describe client behaviour with default
fallback directory mirrors after #15775 and #4483.
|
| | |
| |
| |
| | |
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
The term “X509 certificate” actually only describes one part of the
format. Be more explicit to mean DER encoded certificates (in contrast to
PEM encoded certifcates).
|
| |\ \ |
|
| | | | |
|
| | | |
| | |
| | |
| | | |
Closes #16227
|
| | | |
| | |
| | |
| | |
| | |
| | | |
This version matches the implementation submitted for review.
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
|
| |/ / |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The following changes were made:
* Randomize second and third guard layers.
* Fold in my comments about using disjoint sets ("buckets") for the
third level guard.
* Make the paremeter discussion subsection its own section, and include tables
with far more detail for the Sybil success rates.
* Changed the default parameters based on these tables, and based on my own
intuition about Tor's performance properties.
* Move the load balancing, torrc, and other performance considerations to
their own section (Section 5).
* Move "3.2. Distinguishing new HS circuits from normal HS circuits" to
section 4.1.
* Fold in some of "3.3. Circuit nodes can now be linked to specific hidden
services" into 4.1. Some of it I just removed, though, because I did not find
it credible.
* Added Roger's concerns about guard linkability to Section 4.2.
* Added a denial of service subsection to Section 4.3.
* Try to make a coherent threat model and specify its assumptions
* Put the rotation period in a separate subsection from the number of guards
* Switch to using min(X,X) and max(X,X) for the distribution for the
second and third layer guard lifespans, respectively. Add a subsection
describing this distribution (3.2.3)
* Include python functions for the min and max probability distributions.
* Mention that third nodes can probe to see if they are one of the current
RPs.
* Provide CDF for rotation functions for Sybil runtime expecations.
* Add s7r's DoS points.
* Add notes from Thursday dev meeting discussion.
* Address Aaron's mailinglist comments (except for the CDF).
* Add discussion items from the dev meeting.
|
| | | |
|
| | | |
|
| | | |
|
