Opened 8 years ago

Last modified 3 years ago

#5968 new enhancement

Improve onion key management — at Initial Version

Reported by: mikeperry Owned by:
Priority: High Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Normal Keywords: tor-relay, path-bias, mike-0.2.5, key-theft
Cc: nickm, arma, rransom, dfc@…, isis Actual Points:
Parent ID: #5563 Points:
Reviewer: Sponsor:


As a best practice behavior, a relay should check that the onion key it tried to publish is actually the one it sees in the consensus in which it appears.

The onion key should also be what authenticates the TLS key (rather than the identity key, as it is now).

This would prevent some utility vectors of identity key theft, where a non-targeted upstream MITM attempts to use a relays identity to impersonate it in order to execute a tagging attack (#5563).

Child Tickets

Change History (0)

Note: See TracTickets for help on using tickets.