Skip to content
Snippets Groups Projects
New look
Closed (moved) Improve onion key and TLS management
  • View options

    • Improve onion key and TLS management

  • View options
    • Closed (moved) Issue created by Mike Perry

    As a best practice behavior, a relay should check that the onion key it tried to publish is actually the one it sees in the consensus in which it appears.

    The onion key should also be what authenticates the TLS key (rather than the identity key, as it is now).

    This would prevent some utility vectors of identity key theft, where a non-targeted upstream MITM attempts to use a relays identity to impersonate it in order to execute a tagging attack (#5456 (moved)).

    Linked items ... 0

    • Activity

    • All activity
    • Comments only
    • History only
    • Newest first
    • Oldest first
    Loading Loading Loading Loading Loading Loading Loading Loading Loading Loading