clean up the KeyManagement faq entry
Roger Dingledine

Roger Dingledine commited on 2008-11-23 08:25:36
Zeige 1 geänderte Dateien mit 41 Einfügungen und 19 Löschungen.

... ...
@@ -456,44 +456,66 @@ director for information on making grants or major donations.
456 456
 used for?</a></h3>
457 457
 
458 458
 <p>
459
-Every Tor relay has a public decryption key (rotated once a
460
-week). When the Tor clients establish circuits, at each step they <a
461
-href="<svnsandbox>doc/design-paper/tor-design.html#subsec:circuits">demand
462
-that the Tor relay prove knowledge of its private key</a>. That way
459
+Tor uses a variety of different keys, with three goals in mind: 1)
460
+encryption (inside the Tor network), 2) authentication so you know you're
461
+talking to the relays you meant to talk to, and 3) signatures to make
462
+sure all users know the same set of relays.
463
+</p>
464
+
465
+<p>
466
+<b>Encryption</b>: first, all connections in Tor use TLS link encryption,
467
+so observers can't look inside to see which circuit a given cell is
468
+intended for. Further, the Tor client establishes an ephemeral encryption
469
+key with each relay in the circuit, so only the exit relay can read
470
+the cells. Both sides discard the circuit key when the circuit ends,
471
+so logging traffic and then breaking into the relay to discover the key
472
+won't work.
473
+</p>
474
+
475
+<p>
476
+<b>Authentication</b>:
477
+Every Tor relay has a public decryption key called the "onion key".
478
+When the Tor client establishes circuits, at each step it <a
479
+href="<svnsandbox>doc/design-paper/tor-design.html#subsec:circuits">demands
480
+that the Tor relay prove knowledge of its onion key</a>. That way
463 481
 the first node in the path can't just spoof the rest of the path.
482
+Each relay rotates its onion key once a week.
464 483
 </p>
465 484
 
466 485
 <p>
486
+<b>Coordination</b>:
467 487
 How do clients know what the relays are, and how do they know that they
468
-have the right keys for them? The directory servers provide a signed list
469
-of all the approved relays, and in that list are a set of self-signed
470
-certificates from each relay, specifying their keys, locations, exit
471
-policies, and so on. So unless the adversary can control a directory
472
-server (and starting in Tor 0.1.1.x, a threshold of the directory
473
-servers), he can't trick the Tor client into using other Tor relays.
488
+have the right keys for them? Each relay has a long-term public signing
489
+key called the "identity key". Each directory authority additionally has a
490
+"directory signing key". The directory authorities provide a signed list
491
+of all the known relays, and in that list are a set of certificates from
492
+each relay (self-signed by their identity key) specifying their keys,
493
+locations, exit policies, and so on. So unless the adversary can control
494
+a threshold of the directory authorities, he can't trick the Tor client
495
+into using other Tor relays.
474 496
 </p>
475 497
 
476 498
 <p>
477
-How do clients know what the directory servers are? The list comes with
478
-the Tor distribution. It hard-codes their locations and their public
479
-keys. So the only way to trick the user into using a fake Tor network
499
+How do clients know what the directory authorities are? The Tor software
500
+comes with a built-in list of location and public key for each directory
501
+authority. So the only way to trick users into using a fake Tor network
480 502
 is to give them a specially modified version of the software.
481 503
 </p>
482 504
 
483 505
 <p>
484 506
 How do users know they've got the right software? When we distribute
485 507
 the source code or a package, we digitally sign it with <a
486
-href="http://www.gnupg.org/">GNU Privacy Guard</a>. Also see the <a
508
+href="http://www.gnupg.org/">GNU Privacy Guard</a>. See the <a
487 509
 href="https://wiki.torproject.org/noreply/TheOnionRouter/VerifyingSignatures">instructions
488 510
 on how to check Tor's signatures</a>.
489 511
 </p>
490 512
 
491 513
 <p>
492
-In order to be absolutely certain that it's signed by the developers,
493
-you need to have met them in person and gotten a copy of their key
494
-fingerprint, or you need to know somebody who has. If you're concerned
495
-about an attack on this level, we recommend you get involved with the
496
-security community and start meeting people.
514
+In order to be certain that it's really signed by us, you need to have
515
+met us in person and gotten a copy of our GPG key fingerprint, or you
516
+need to know somebody who has. If you're concerned about an attack on
517
+this level, we recommend you get involved with the security community
518
+and start meeting people.
497 519
 </p>
498 520
 
499 521
 <hr />
500 522