Re: [tor-dev] Proposal 176: Proposed version-3 link handshake for Tor

2011-10-05 Thread Nick Mathewson
On Tue, Oct 4, 2011 at 1:05 PM, Steven Murdoch wrote: > From a first look at 176 it looks good. Some comments and suggestions inline: Thanks, Steven! >>    Terminological note: I use "client" below to mean the Tor >>    instance (a client or a bridge or a relay) that initiates a TLS >>    connec

Re: [tor-dev] Proposal 176: Proposed version-3 link handshake for Tor

2011-10-04 Thread Steven Murdoch
>From a first look at 176 it looks good. Some comments and suggestions inline: >Terminological note: I use "client" below to mean the Tor >instance (a client or a bridge or a relay) that initiates a TLS >connection, and "server" to mean the Tor instance (a bridge or a >relay) that

Re: [tor-dev] Proposal 176: Proposed version-3 link handshake for Tor

2011-09-27 Thread Nick Mathewson
On Wed, Sep 21, 2011 at 1:58 PM, Nick Mathewson wrote: I'm thinking of a few more tweaks to this proposal, based on implementation. Here's one: > I think on reflection that we should change the TLSSECRETS field from > optional to required in all AUTHENTICATE cells.  Only relays need to > send i

Re: [tor-dev] Proposal 176: Proposed version-3 link handshake for Tor

2011-09-21 Thread Nick Mathewson
On Tue, Sep 20, 2011 at 2:13 PM, Roger Dingledine wrote: Hi! I'm going to snip every point where I agree with you, and just patch the proposal accordingly. > On Mon, Jan 31, 2011 at 09:50:06PM -0500, Nick Mathewson wrote: [...] >>      2) We should make it harder to probe for a Tor server.  Rig

Re: [tor-dev] Proposal 176: Proposed version-3 link handshake for Tor

2011-09-20 Thread Roger Dingledine
On Mon, Jan 31, 2011 at 09:50:06PM -0500, Nick Mathewson wrote: > 1) We should make it easier to use self-signed certs, or maybe > even existing HTTPS certificates, for the server side > handshake, since most non-Tor SSL handshakes use either > self-signed certifica