Opened 7 years ago

Last modified 2 years ago

#5968 new enhancement

Improve onion key management — at Version 1

Reported by: mikeperry
Owned by:
Priority: High
Milestone: Tor: unspecified
Component: Core Tor/Tor
Version:
Severity: Normal
Keywords: tor-relay, path-bias, mike-0.2.5, key-theft
Cc: nickm, arma, rransom, dfc@…, isis
Actual Points:
Parent ID: #5456
Points:
Reviewer:
Sponsor:

Description (last modified by mikeperry)

As a best practice behavior, a relay should check that the onion key it tried to publish is actually the one it sees in the consensus in which it appears.

The onion key should also be what authenticates the TLS key (rather than the identity key, as it is now).

This would prevent some utility vectors of identity key theft, where a non-targeted upstream MITM attempts to use a relay's identity to impersonate it in order to execute a tagging attack (#5456).
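A sketch of the self-check proposed in the description above, as an added example that is not part of the ticket or of Tor's own code. It assumes the relay has fetched the server descriptor the directories list for its identity, that it holds its current and previous onion keys as DER bytes, and that a directory copy lagging one rotation behind is acceptable; all function names and sample values are hypothetical.

```python
import base64
import re

# The "onion-key" item of a server descriptor: a keyword line followed by a
# PEM-armoured RSA public key. Anchoring at line start keeps the separate
# "ntor-onion-key" line from matching.
ONION_KEY_RE = re.compile(
    r"^onion-key\n-----BEGIN RSA PUBLIC KEY-----\n(.*?)\n"
    r"-----END RSA PUBLIC KEY-----$", re.S | re.M)

def extract_onion_key(descriptor_text):
    """Return the DER bytes of the descriptor's single onion key."""
    found = ONION_KEY_RE.findall(descriptor_text)
    if len(found) != 1:
        # A missing or duplicated key is a failure, never a silent pass.
        raise ValueError("expected exactly one onion-key, found %d" % len(found))
    return base64.b64decode("".join(found[0].split()), validate=True)

def check_published_onion_key(directory_descriptor, current_der, previous_der=None):
    """Compare the key the directories list against the keys this relay holds.

    Returns "current", "previous" (directory copy predates the last rotation)
    or "mismatch" (someone else's onion key is published under our identity).
    """
    seen = extract_onion_key(directory_descriptor)
    if seen == current_der:
        return "current"
    if previous_der is not None and seen == previous_der:
        return "previous"
    return "mismatch"

def sample_descriptor(key_bytes):
    """Constructed sample input: placeholder bytes, not a real RSA key."""
    pem = base64.encodebytes(key_bytes).decode().strip()
    return ("router ExampleRelay 192.0.2.1 9001 0 0\n"
            "onion-key\n-----BEGIN RSA PUBLIC KEY-----\n" + pem +
            "\n-----END RSA PUBLIC KEY-----\n"
            "ntor-onion-key " + "A" * 43 + "\n")

if __name__ == "__main__":
    mine = b"constructed-current-key-" * 8
    other = b"constructed-foreign-key-" * 8
    for label, key in (("own key", mine), ("foreign key", other)):
        print(label, "->", check_published_onion_key(sample_descriptor(key), mine))
```

A "mismatch" result is the condition the ticket wants relays to notice: a descriptor carrying the relay's identity but an onion key the relay never generated.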

Change History (1)

comment:1 Changed 7 years ago by mikeperry

Description: modified (diff)
Parent ID: changed from #5563 to #5456

Wrong parent.
