commit 363c86587df057f1b2cd1ba429d6a0a8873ee983
Author: Nick Mathewson nickm@torproject.org
Date: Wed Jan 11 12:33:56 2012 -0500

    Add AUTHORIZE cell type to tor-spec.txt from prop187
---
 proposals/000-index.txt             |    8 ++++----
 proposals/187-allow-client-auth.txt |    2 +-
 tor-spec.txt                        |   12 ++++++++++--
 3 files changed, 15 insertions(+), 7 deletions(-)
diff --git a/proposals/000-index.txt b/proposals/000-index.txt index 950bc38..92669b9 100644 --- a/proposals/000-index.txt +++ b/proposals/000-index.txt @@ -107,10 +107,10 @@ Proposals by number: 184 Miscellaneous changes for a v3 Tor link protocol [CLOSED] 185 Directory caches without DirPort [OPEN] 186 Multiple addresses for one OR or bridge [DRAFT] -187 Reserve a cell type to allow client authorization [OPEN] +187 Reserve a cell type to allow client authorization [CLOSED] 188 Bridge Guards and other anti-enumeration defenses [OPEN] 189 AUTHORIZE and AUTHORIZED cells [OPEN] -190 Password-based Bridge Client Authorization [OPEN] +190 Bridge Client Authorization Based on a Shared Secret [OPEN] 191 Bridge Detection Resistance against MITM-capable Adversaries [OPEN] 192 Automatically retrieve and store information about bridges [OPEN]
@@ -142,10 +142,9 @@ Proposals by status: 177 Abstaining from votes on individual flags [for 0.2.3.x] 180 Pluggable transports for circumvention [for 0.2.3.x] 185 Directory caches without DirPort - 187 Reserve a cell type to allow client authorization [for 0.2.3.x] 188 Bridge Guards and other anti-enumeration defenses 189 AUTHORIZE and AUTHORIZED cells - 190 Password-based Bridge Client Authorization + 190 Bridge Client Authorization Based on a Shared Secret 191 Bridge Detection Resistance against MITM-capable Adversaries 192 Automatically retrieve and store information about bridges [for 0.2.[45].x] ACCEPTED: @@ -205,6 +204,7 @@ Proposals by status: 181 Optimistic Data for Tor: Client Side [in 0.2.3.3-alpha] 183 Refill Intervals [in 0.2.3.5-alpha] 184 Miscellaneous changes for a v3 Tor link protocol [for 0.2.3.x] + 187 Reserve a cell type to allow client authorization [for 0.2.3.x] SUPERSEDED: 112 Bring Back Pathlen Coin Weight 113 Simplifying directory authority administration diff --git a/proposals/187-allow-client-auth.txt b/proposals/187-allow-client-auth.txt index 6a9e2da..67c878e 100644 --- a/proposals/187-allow-client-auth.txt +++ b/proposals/187-allow-client-auth.txt @@ -2,7 +2,7 @@ Filename: 187-allow-client-auth.txt Title: Reserve a cell type to allow client authorization Author: Nick Mathewson Created: 16-Oct-2011 -Status: Open +Status: Closed Target: 0.2.3.x
Overview: diff --git a/tor-spec.txt b/tor-spec.txt index 28eca98..fea3073 100644 --- a/tor-spec.txt +++ b/tor-spec.txt @@ -345,6 +345,7 @@ see tor-design.pdf. 129 -- CERTS (Certificates) (See Sec 4.2) 130 -- AUTH_CHALLENGE (Challenge value) (See Sec 4.3) 131 -- AUTHENTICATE (Client authentication)(See Sec 4.5) + 132 -- AUTHORIZE (Client authorization) (Not yet used)
The interpretation of 'Payload' depends on the type of the cell. PADDING: Payload is unused. @@ -399,8 +400,15 @@ see tor-design.pdf. authenticate, it waits until it gets the AUTH_CHALLENGE cell, and then sends a CERTS cell, an AUTHENTICATE cell (4.4), and a NETINFO cell. When this handshake is in use, the first cell must - still be VERSIONS, and no other cell type is allowed to intervene - besides those specified, except for PADDING and VPADDING cells. + be VERSIONS, VPADDING or AUTHORIZE, and no other cell type is allowed to + intervene besides those specified, except for PADDING and VPADDING cells. + + The AUTHORIZE cell type is reserved for future use by scanning-resistance + designs. + + [Tor versions before 0.2.3.11-alpha did not recognize the AUTHORIZE cell, + and did not permit any command other than VERSIONS as the first cell of + the in-protocol handshake.]
4.1. Negotiating versions with VERSIONS cells
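Review bot: The proposals/000-index.txt hunks also retitle proposal 190 from "Password-based Bridge Client Authorization" to "Bridge Client Authorization Based on a Shared Secret", in both the by-number and by-status lists, and the commit subject does not mention it. The rename is unrelated to closing 187, and this patch does not touch the proposal 190 file itself, so check that its Title: header already matches, and either mention the rename in the commit message or move it to its own commit.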
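Review bot: In proposals/187-allow-client-auth.txt only "Status:" changes while "Target: 0.2.3.x" stays as it was, and the index entry moved at @@ -205,6 +204,7 @@ keeps "[for 0.2.3.x]" although the entries for 181 and 183 in the same list give an exact release ("[in 0.2.3.3-alpha]", "[in 0.2.3.5-alpha]"). The tor-spec.txt hunk in this same patch names 0.2.3.11-alpha as the first version that recognizes AUTHORIZE, so record that version in the index entry and in the proposal header rather than leaving the reader to find it in the spec.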
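Review bot: The new "132 -- AUTHORIZE (Client authorization) (Not yet used)" line in the tor-spec.txt command list is the only visible entry without a section reference; 129, 130 and 131 each end in "(See Sec 4.x)". "(Not yet used)" does not tell an implementer where the reservation is explained, so point the entry at the handshake section that now mentions AUTHORIZE, or at proposal 187.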
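Review bot: In the rewritten handshake paragraph of tor-spec.txt, "the first cell must be VERSIONS, VPADDING or AUTHORIZE" replaces "must still be VERSIONS" without saying that a VERSIONS cell is still required afterwards, how many VPADDING or AUTHORIZE cells may come before it, or what a responder that implements no authorization scheme does with an AUTHORIZE cell it receives. These cells arrive before the peer has negotiated a version or authenticated, so the text should state that VERSIONS must still follow, say whether an AUTHORIZE cell is ignored or causes the connection to be closed, and bound the number of cells accepted before VERSIONS. The bracketed note could also say what an initiator should expect when it sends AUTHORIZE or VPADDING first to a responder older than 0.2.3.11-alpha, since the note only says such a first cell was not permitted.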
tor-commits@lists.torproject.org