Write a proposal for client-side key pinning

Proposal 220 suggests that we pin RSA and Ed25519 identity keys to one another authority-side. Roger suggested to me that we also consider doing client-side identity pinning.

changed milestone to %Tor: unspecified

added component::core tor/tor milestone::Tor: unspecified needs-proposal priority::medium severity::normal status::needs-information tor-client type::defect labels

Trac:
Keywords: tor-client needs-proposal deleted, tor-client needs-proposal 026-triaged-1 added

I started writing up a proposal draft here, but I'm not currently seeing the point of it. If a client has a correct consensus, it should get the correct RSA1024<->Ed25519 mappings unless the authorities are lying. But if the authorities are lying, they can poison the clients in lots of other ways too.

Similarly, for stuff like bridges, we can export the ed25519 key in the bridge line, and we don't need to remember the RSA1024 key at all. That's probably a better idea than pinning in the first place, right?

For guards, we should remember every public key we've seen for the guard, and only connect if all the keys are good.

So, what's the value here? What's the threat model it helps for?

Trac:
Status: new to needs_information

Trac:
Cc: N/A to arma

Trac:
Milestone: Tor: 0.2.6.x-final to Tor: 0.2.???

Milestone renamed

Trac:
Milestone: Tor: 0.2.??? to Tor: 0.3.???

Finally admitting that 0.3.??? was a euphemism for Tor: unspecified all along.

Trac:
Milestone: Tor: 0.3.??? to Tor: unspecified
Keywords: tor-client needs-proposal 026-triaged-1 deleted, tor-client, 026-triaged-1, needs-proposal, tor-03-unspecified-201612 added

Remove an old triaging keyword.

Trac:
Keywords: tor-03-unspecified-201612 deleted, N/A added

Trac:
Keywords: 026-triaged-1 deleted, N/A added

Set all open tickets without a severity to "Normal"

Trac:
Severity: N/A to Normal

mentioned in issue #11120 (moved)

moved to tpo/core/tor#11119 (closed)