commit d2bdea61f788beb6c31d33e7a4dad8c98c075918 Author: Nick Mathewson nickm@torproject.org Date: Thu Sep 7 10:09:11 2017 -0400
Describe actual use of NETINFO fields
Instead of saying the clock skew and "your address" fields are unused, describe the dangers of using them as unconditionally trusted. --- tor-spec.txt | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/tor-spec.txt b/tor-spec.txt index 3431ca5..f7bd546 100644 --- a/tor-spec.txt +++ b/tor-spec.txt @@ -712,8 +712,11 @@ see tor-design.pdf.
Implementations MAY use the timestamp value to help decide if their clocks are skewed. Initiators MAY use "other OR's address" to help - learn which address their connections are originating from, if they do - not know it. [As of 0.2.3.1-alpha, nodes use neither of these values.] + learn which address their connections may be originating from, if they do + not know it; and to learn whether the peer will treat the current + connection as canonical. Implementations SHOULD NOT trust these + values unconditionally, especially when they come from non-authorities, + since the other party can lie about the time or IP addresses it sees.
Initiators SHOULD use "this OR's address" to make sure that they have connected to another OR at its canonical address.