Changes between Initial Version and Version 1 of Ticket #24404, comment 3


Ignore:
Timestamp:
Nov 26, 2017, 3:09:46 AM (2 years ago)
Author:
teor
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #24404, comment 3

    initial v1  
    22  * use an IPv6 exit to connect to our ORPort (this doesn't authenticate that the remote port actually belongs to us)
    33  * use a magic value for the identity (all zeroes?) when connecting to our ORPort, to force a new connection (DoS risk, doesn't authenticate, but does check addresses in the NETINFO cell)
     4  * put flags in the extend cell that say "must IPv6"? (also a DoS risk)
    45  * close an old/unused connection, and then extend a preemptive circuit to ourselves over IPv6
    5   * put flags in the extend cell that say "must IPv6"?
    66  * some smarter mechanism?
     7
     8Edit: note another DoS risk