Secure SOCKS (SOCKS over SSL/TLS)

Post by parityboy » Tue Feb 17, 2015 3:44 am

DISCLAIMER: I am not a cryptographer of any degree. At all.

Anyone who uses Tor knows that the Tor client relay exposes a SOCKS interface for the browser and other applications to connect to. Due to the (hideously) insecure nature of the SOCKS protocol, access to a SOCKS interface can realistically only safely be deployed locally - i.e. on the same machine as the client application (browser, IRC client, whatever).

While following all of the tunception work going on around here, a few thoughts bubbled to the surface concerning access to darknets such as Tor and I2P (mostly Tor). torstorm enables Web-based access to Tor hidden services; the Tor client relay is accessed through its SOCKS interface on the same box. However, I'm wondering if there is an opportunity to secure and harden SOCKS by deploying it over TLS.

Implemented correctly, this would allow a clearnet<->darknet service to be split among multiple boxes which could be physically (and geographically) separated from each other, and the secure connection would terminate within the memory space of the receiving SOCKS-S server.

During my research I came across this draft from 1997. Being so old, it was based upon SSL 3.0 (which is now (un)officially dead), but it could probably be updated to support TLS 1.2. The obvious question in all of this is of course, "is it actually worth it?". Personally, I believe there are some use cases for it (not user-side though).

I wouldn't mind some opinions on this, so all those who have something to share, please do so. :)

draft-ietf-aft-socks-ssl-00.pdf
(10.17 KiB) Downloaded 373 times
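
As an added example (not part of the original post), the parser below reads SOCKS5 messages as defined in RFC 1928 and RFC 1929 and shows what crosses the wire in cleartext when a SOCKS interface is reached over a network without a TLS wrapper: the offered auth methods, the username and password, and the destination hostname. The sample bytes, hostname and credentials are constructed for illustration.

```python
import ipaddress
import struct

# Constructed sample bytes, as a SOCKS5 client would put them on the wire
# (RFC 1928 greeting/request, RFC 1929 username/password). All values are made up.
GREETING = bytes([0x05, 0x02, 0x00, 0x02])            # VER=5, 2 methods offered
AUTH = b"\x01" + b"\x05" + b"alice" + b"\x06" + b"s3cret"  # VER, ULEN, UNAME, PLEN, PASSWD
HOST = b"placeholder-hidden-service.onion"
REQUEST = b"\x05\x01\x00\x03" + bytes([len(HOST)]) + HOST + struct.pack("!H", 80)

METHODS = {0x00: "no-auth", 0x01: "gssapi", 0x02: "username/password"}
COMMANDS = {0x01: "CONNECT", 0x02: "BIND", 0x03: "UDP ASSOCIATE"}
ADDR_LEN = {1: 4, 4: 16}                              # ATYP -> raw IPv4 / IPv6 length

def parse_greeting(buf):
    """Return the authentication methods the client offers."""
    if len(buf) < 2 or buf[0] != 5 or len(buf) < 2 + buf[1]:
        raise ValueError("truncated or non-SOCKS5 greeting")
    return [METHODS.get(m, hex(m)) for m in buf[2:2 + buf[1]]]

def parse_userpass(buf):
    """Return (username, password) from an RFC 1929 sub-negotiation."""
    if len(buf) < 2 or buf[0] != 1:
        raise ValueError("not an RFC 1929 message")
    ulen = buf[1]
    if len(buf) < 3 + ulen or len(buf) < 3 + ulen + buf[2 + ulen]:
        raise ValueError("truncated RFC 1929 message")
    plen = buf[2 + ulen]
    return buf[2:2 + ulen].decode(), buf[3 + ulen:3 + ulen + plen].decode()

def parse_request(buf):
    """Return (command, destination, port) from a SOCKS5 request."""
    if len(buf) < 5 or buf[0] != 5:
        raise ValueError("truncated or non-SOCKS5 request")
    atyp = buf[3]
    if atyp == 3:                                     # length-prefixed domain name
        start, end = 5, 5 + buf[4]
    elif atyp in ADDR_LEN:                            # raw IPv4 or IPv6 address
        start, end = 4, 4 + ADDR_LEN[atyp]
    else:
        raise ValueError("unknown address type")
    if len(buf) < end + 2:
        raise ValueError("truncated request")
    raw = buf[start:end]
    host = raw.decode("ascii", "replace") if atyp == 3 else str(ipaddress.ip_address(raw))
    port = struct.unpack("!H", buf[end:end + 2])[0]
    return COMMANDS.get(buf[1], hex(buf[1])), host, port
```

Every field these functions return is readable by anyone on the path between client and SOCKS server, and nothing in the framing protects the bytes from modification in transit.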
