Opened 2 years ago

Closed 2 years ago

#26924 closed defect (fixed)

Make single onion service to rend and Tor2web to intro link authentication into a protocol warning

Reported by: teor
Owned by: teor
Priority: Medium
Milestone: Tor: 0.3.5.x-final
Component: Core Tor/Tor
Version: Tor:
Severity: Normal
Keywords: tor-hs, tor-log, tor-relay, certs, handshake, ed25519, 035-roadmap-proposed, 035-must, fast-fix, 035-triaged-in-20180711, 029-backport, 032-backport, 033-backport, 034-backport
Cc:
Actual Points:
Parent ID: #26627
Points:
Reviewer: asn
Sponsor:


Single onion services and Tor2web connect directly to relays using untrusted link authentication keys.

These connections can cause a lot of warnings, particularly due to the link auth bugs in #26627.

We can either:

  • downgrade all link auth warnings to protocol warnings on single onion services and Tor2web (this is the fast fix)
  • taint untrusted link auth keys, and then downgrade connections using tainted keys to protocol warnings (this is very intrusive)

Child Tickets

#26927 | closed | teor | Improve the log message when peer id authentication fails | Core Tor/Tor

Change History (5)

comment:1 Changed 2 years ago by teor

Keywords: tor-hs tor-log 029-backport 032-backport 033-backport 034-backport added
Status: assigned → needs_review
Version: Tor:

I chose the easy option, and opened #26928 for follow-up in some future release.

Please see my branches at :

  • bug26924_029 - downgrades Tor2web and single onion service link auth failures to a protocol warning
  • bug26924_032 - also improves the actual log message so it says "RSA + ed25519" (see #26927)
  • bug26924 - fixes an include path for the mass refactor in master

comment:2 Changed 2 years ago by asn

Reviewer: asn

comment:3 Changed 2 years ago by teor

I added a commit to bug26924 to remove a comment about Tor2web, since #26367 will probably merge.

comment:4 Changed 2 years ago by asn

Status: needs_review → merge_ready


comment:5 Changed 2 years ago by nickm

Resolution: fixed
Status: merge_ready → closed

Merged to 0.2.9 and forward. Thanks for all of the well-constructed branches!
