Roger Dingledine commited on 2008-11-23 08:25:36
Zeige 1 geänderte Dateien mit 41 Einfügungen und 19 Löschungen.
... | ... |
@@ -456,44 +456,66 @@ director for information on making grants or major donations. |
456 | 456 |
used for?</a></h3> |
457 | 457 |
|
458 | 458 |
<p> |
459 |
-Every Tor relay has a public decryption key (rotated once a |
|
460 |
-week). When the Tor clients establish circuits, at each step they <a |
|
461 |
-href="<svnsandbox>doc/design-paper/tor-design.html#subsec:circuits">demand |
|
462 |
-that the Tor relay prove knowledge of its private key</a>. That way |
|
459 |
+Tor uses a variety of different keys, with three goals in mind: 1) |
|
460 |
+encryption (inside the Tor network), 2) authentication so you know you're |
|
461 |
+talking to the relays you meant to talk to, and 3) signatures to make |
|
462 |
+sure all users know the same set of relays. |
|
463 |
+</p> |
|
464 |
+ |
|
465 |
+<p> |
|
466 |
+<b>Encryption</b>: first, all connections in Tor use TLS link encryption, |
|
467 |
+so observers can't look inside to see which circuit a given cell is |
|
468 |
+intended for. Further, the Tor client establishes an ephemeral encryption |
|
469 |
+key with each relay in the circuit, so only the exit relay can read |
|
470 |
+the cells. Both sides discard the circuit key when the circuit ends, |
|
471 |
+so logging traffic and then breaking into the relay to discover the key |
|
472 |
+won't work. |
|
473 |
+</p> |
|
474 |
+ |
|
475 |
+<p> |
|
476 |
+<b>Authentication</b>: |
|
477 |
+Every Tor relay has a public decryption key called the "onion key". |
|
478 |
+When the Tor client establishes circuits, at each step it <a |
|
479 |
+href="<svnsandbox>doc/design-paper/tor-design.html#subsec:circuits">demands |
|
480 |
+that the Tor relay prove knowledge of its onion key</a>. That way |
|
463 | 481 |
the first node in the path can't just spoof the rest of the path. |
482 |
+Each relay rotates its onion key once a week. |
|
464 | 483 |
</p> |
465 | 484 |
|
466 | 485 |
<p> |
486 |
+<b>Coordination</b>: |
|
467 | 487 |
How do clients know what the relays are, and how do they know that they |
468 |
-have the right keys for them? The directory servers provide a signed list |
|
469 |
-of all the approved relays, and in that list are a set of self-signed |
|
470 |
-certificates from each relay, specifying their keys, locations, exit |
|
471 |
-policies, and so on. So unless the adversary can control a directory |
|
472 |
-server (and starting in Tor 0.1.1.x, a threshold of the directory |
|
473 |
-servers), he can't trick the Tor client into using other Tor relays. |
|
488 |
+have the right keys for them? Each relay has a long-term public signing |
|
489 |
+key called the "identity key". Each directory authority additionally has a |
|
490 |
+"directory signing key". The directory authorities provide a signed list |
|
491 |
+of all the known relays, and in that list are a set of certificates from |
|
492 |
+each relay (self-signed by their identity key) specifying their keys, |
|
493 |
+locations, exit policies, and so on. So unless the adversary can control |
|
494 |
+a threshold of the directory authorities, he can't trick the Tor client |
|
495 |
+into using other Tor relays. |
|
474 | 496 |
</p> |
475 | 497 |
|
476 | 498 |
<p> |
477 |
-How do clients know what the directory servers are? The list comes with |
|
478 |
-the Tor distribution. It hard-codes their locations and their public |
|
479 |
-keys. So the only way to trick the user into using a fake Tor network |
|
499 |
+How do clients know what the directory authorities are? The Tor software |
|
500 |
+comes with a built-in list of location and public key for each directory |
|
501 |
+authority. So the only way to trick users into using a fake Tor network |
|
480 | 502 |
is to give them a specially modified version of the software. |
481 | 503 |
</p> |
482 | 504 |
|
483 | 505 |
<p> |
484 | 506 |
How do users know they've got the right software? When we distribute |
485 | 507 |
the source code or a package, we digitally sign it with <a |
486 |
-href="http://www.gnupg.org/">GNU Privacy Guard</a>. Also see the <a |
|
508 |
+href="http://www.gnupg.org/">GNU Privacy Guard</a>. See the <a |
|
487 | 509 |
href="https://wiki.torproject.org/noreply/TheOnionRouter/VerifyingSignatures">instructions |
488 | 510 |
on how to check Tor's signatures</a>. |
489 | 511 |
</p> |
490 | 512 |
|
491 | 513 |
<p> |
492 |
-In order to be absolutely certain that it's signed by the developers, |
|
493 |
-you need to have met them in person and gotten a copy of their key |
|
494 |
-fingerprint, or you need to know somebody who has. If you're concerned |
|
495 |
-about an attack on this level, we recommend you get involved with the |
|
496 |
-security community and start meeting people. |
|
514 |
+In order to be certain that it's really signed by us, you need to have |
|
515 |
+met us in person and gotten a copy of our GPG key fingerprint, or you |
|
516 |
+need to know somebody who has. If you're concerned about an attack on |
|
517 |
+this level, we recommend you get involved with the security community |
|
518 |
+and start meeting people. |
|
497 | 519 |
</p> |
498 | 520 |
|
499 | 521 |
<hr /> |
500 | 522 |