Opened 2 years ago

Closed 2 years ago

#22862 closed defect (fixed)

tor-spec doesn't say how clients authenticate authorities or fallback directories

Reported by: teor Owned by: teor
Priority: Medium Milestone: Tor: 0.3.2.x-final
Component: Core Tor/Tor Version: Tor: unspecified
Severity: Normal Keywords: review-group-21
Cc: Actual Points:
Parent ID: Points: 0.2
Reviewer: Sponsor:

Description (last modified by teor)

     In all handshake variants, once all certificates are exchanged, all
     parties receiving certificates must confirm that the identity key is as
     expected.  (When initiating a connection, the expected identity key is
-    the one given in the directory; when creating a connection because of an
+    when no reasonably live consensus is available: the one given in the hard-coded authority or fallback list;
+    when there is a reasonably live consensus: the one in the directory; when creating a connection because of an
     EXTEND cell, the expected identity key is the one given in the cell.)  If
     the key is not as expected, the party must close the connection.

Child Tickets

Change History (9)

comment:1 Changed 2 years ago by teor

Description: modified (diff)

comment:2 Changed 2 years ago by teor

Status: newneeds_review

Someone probably needs to fix the line wrapping when this is applied.

comment:3 Changed 2 years ago by teor

Description: modified (diff)

Let's be more precise

comment:4 Changed 2 years ago by teor

Description: modified (diff)

Ok, I think I could do with some help re-phrasing this.
The description has my best attempt at it.

comment:5 Changed 2 years ago by nickm

Keywords: review-group-21 added

comment:6 Changed 2 years ago by nickm

Owner: set to teor
Status: needs_reviewassigned

setting owner

comment:7 Changed 2 years ago by nickm

Status: assignedneeds_review

comment:8 Changed 2 years ago by nickm

Reviewer: nickm

comment:9 Changed 2 years ago by nickm

Resolution: fixed
Reviewer: nickm
Status: needs_reviewclosed

I tweaked your wording a little in 6c19e603c825cdbf4a6dc33196c792bf47c19bba; thanks!

Note: See TracTickets for help on using tickets.