Opened 2 years ago

Last modified 22 months ago

#22889 new defect

Add "no peer authentication" to the list of client identification methods in tor-spec

Reported by: teor Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Normal Keywords: tor-spec, spec, 032-unreached
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

CREATE_FAST is no longer a reliable client discriminator:

   If an OR sees a circuit created with CREATE_FAST, the OR is sure to be the
   first hop of a circuit.  ORs SHOULD reject attempts to create streams with
   RELAY_BEGIN exiting the circuit at the first hop: letting Tor be used as a
   single hop proxy makes exit nodes a more attractive target for compromise.

Child Tickets

Change History (2)

comment:1 Changed 22 months ago by nickm

Keywords: spec added

Add 'spec' keyword to items that are just spec fixes. These can land after the feature-freeze.

comment:2 Changed 22 months ago by nickm

Keywords: 032-unreached added
Milestone: Tor: 0.3.2.x-finalTor: unspecified

Mark a large number of tickets that I do not think we will do for 0.3.2.

Note: See TracTickets for help on using tickets.