Question
Suppose Alice wants to visit the Web site activist.com using a TOR-like service. The service uses two non-colluding proxy servers, Proxy 1 and Proxy 2. Alice first obtains the certificates (each containing a public key) for Proxy 1 and Proxy 2 from some central server. Denote K+1( ), K+2( ), K-1( ), K-2( ) for the encryption/decryption with public and private RSA keys.
a. Using a timing diagram, provide a protocol (as simple as possible) that enables Alice to establish a shared session key S1 with Proxy 1. Denote S1(m) for encryption/decryption of data m with the shared key S1.
b. Using a timing diagram, provide a protocol (as simple as possible) that allows Alice to establish a shared session key S2 with Proxy 2 without revealing her IP address to Proxy 2.
c. Assume that shared keys S1 and S2 are now established. Using a timing diagram, provide a protocol (as simple as possible and not using public-key cryptography) that allows Alice to request an html page from activist.com without revealing her IP address to Proxy 2 and without revealing to Proxy 1 which site she is visiting. Your diagram should end with an HTTP request arriving at activist.com.
Explanation / Answer
The proxyPolicy field in the proxyCertInfo extension does not define a policy language to be used for proxy restrictions; rather, it places the burden on those parties using that extension to define an appropriate language, and to acquire an OID for that language (or to select an appropriate previously-defined language/OID). Because it is essential for the PI that issues a certificate with a proxyPolicy field and the relying party that interprets that field to agree on its meaning, the policy language OID must correspond to a policy language (including semantics), not just a policy grammar.
The policyLanguage field has two values of special importance, defined in Appendix A, that MUST be understood by all parties accepting Proxy Certificates:
* id-ppl-inheritAll indicates that this is an unrestricted proxy that inherits all rights from the issuing PI. An unrestricted proxy is a statement that the Proxy Issuer wishes to delegate all of its authority to the bearer (i.e., to anyone who has that proxy certificate and can prove possession of the associated private key). For purposes of authorization, an unrestricted proxy effectively impersonates the issuing PI.
* id-ppl-independent indicates that this is an independent proxy that inherits no rights from the issuing PI. This PC MUST be treated as an independent identity by relying parties. The only rights this PC has are those granted explicitly to it.
For further information visit the following page: http://www.ietf.org/rfc/rfc3820.txt
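How a relying party could apply the two policyLanguage values described in the answer while walking a chain of Proxy Certificates, as an added example that is not part of the original answer or of RFC 3820. The two OIDs are the RFC 3820 Appendix A values; `effective_rights`, `explicit_grants`, the subject names and the rights strings are hypothetical, and rejecting any other policy language is this example's fail-closed choice.

```python
# OIDs from RFC 3820 Appendix A (id-ppl is arc 21 under id-pkix).
ID_PPL_INHERIT_ALL = "1.3.6.1.5.5.7.21.1"
ID_PPL_INDEPENDENT = "1.3.6.1.5.5.7.21.2"


class UnknownPolicyLanguage(Exception):
    """Raised when a PC carries a policy language this relying party cannot interpret."""


def effective_rights(issuer_rights, chain, explicit_grants):
    """Compute the rights held by the bearer of the last PC in `chain`.

    issuer_rights   -- rights of the identity that issued the first PC
    chain           -- list of (subject, policyLanguage OID), first PC to last
    explicit_grants -- hypothetical table: subject -> rights granted directly to it
    """
    rights = set(issuer_rights)
    for subject, policy_language in chain:
        if policy_language == ID_PPL_INHERIT_ALL:
            # Unrestricted proxy: the bearer holds everything its issuing PI holds.
            continue
        if policy_language == ID_PPL_INDEPENDENT:
            # Independent identity: nothing is inherited, only explicit grants count.
            rights = set(explicit_grants.get(subject, set()))
            continue
        # Any other language needs prior agreement on its semantics; without
        # that agreement this example refuses to authorize (assumption).
        raise UnknownPolicyLanguage(f"{subject}: {policy_language}")
    return rights


if __name__ == "__main__":
    # Constructed sample data, not taken from any real deployment.
    alice = {"read", "write"}
    grants = {"pc-batch": {"submit-job"}}
    print(effective_rights(alice, [("pc-login", ID_PPL_INHERIT_ALL)], grants))
    print(effective_rights(
        alice,
        [("pc-login", ID_PPL_INHERIT_ALL), ("pc-batch", ID_PPL_INDEPENDENT)],
        grants,
    ))
```

Once an independent PC appears in the chain, every inheritAll PC below it inherits only that PC's explicit grants, not the original issuer's rights.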