[tor-bugs] #17604 [Tor]: Try to use only one canonical connection
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Nov 14 21:27:37 UTC 2015
#17604: Try to use only one canonical connection
-----------------------+---------------------------
Reporter: mikeperry | Owner: mikeperry
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Tor | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: #16861 | Points:
Sponsor: |
-----------------------+---------------------------
Comment (by mikeperry):
I'm also tempted to patch channel_tls_matches_target_method() so that it
allows extend cells to be sent on an orconn if they match either the
descriptor address or the actual originating address of an orconn. This
would also help converge on a single orconn for relays that have outbound
traffic from different IPs as their inbound traffic.
However, it will also mean that it becomes possible to steal a relay's
keys and start making TLS connections to all other relays from anywhere on
the Internet, and wait for those connections to become old enough to be
chosen for extends. This issue may outweigh the corner case. It probably
does, in fact. Happy to hear thoughts, though. Maybe there are other
things that would prevent this attack?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17604#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online