[tor-bugs] #19163 [Core Tor/Tor]: Maybe RSOS single-hop circuits should always have ntor

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Jul 12 01:58:35 UTC 2016


#19163: Maybe RSOS single-hop circuits should always have ntor
---------------------------------------------+-----------------------------
 Reporter:  teor                             |          Owner:  teor
     Type:  defect                           |         Status:
 Priority:  Medium                           |  needs_review
Component:  Core Tor/Tor                     |      Milestone:  Tor:
 Severity:  Normal                           |  0.2.9.x-final
 Keywords:  rsos, tor-hs, TorCoreTeam201607  |        Version:
Parent ID:                                   |     Resolution:
 Reviewer:                                   |  Actual Points:  5
                                             |         Points:  1.0
                                             |        Sponsor:
---------------------------------------------+-----------------------------
Changes (by teor):

 * status:  needs_revision => needs_review
 * actualpoints:  3 => 5


Comment:

 Please see my branch reject-tap-v3-rebased on
 https://github.com/teor2345/tor.git
 I am happy to take reviews through gitlab at
 https://gitlab.com/teor/tor/merge_requests/1/diffs

 It makes the following changes:
 - Relays make sure their own descriptor has an ntor key.
 - Authorities no longer trust the version a relay claims (if any); instead,
 they check specifically for an ntor key.
 - Clients avoid downloading a descriptor if the relay version is too old
 to support ntor.
 - Client code never chooses nodes without ntor keys: they will not be
 selected during circuit-building, or as guards, or as directory mirrors,
 or as introduction or rendezvous points.
 - Circuit-building code assumes that all hops can use ntor, except for
 rare hidden service protocol cases.
 - Clients opportunistically upgrade to intro point ntor onion keys in
 relay descriptors. If they do not have a relay descriptor, they fall back
 to using the intro point TAP onion key in the hidden service descriptor.
 - Hidden services opportunistically upgrade to rend point ntor onion keys
 in relay descriptors. If they do not have a relay descriptor, they fall
 back to using the rend point TAP onion key in the INTRODUCE cell.

 Other tickets:

 There's a single onion service stub function in this code that will
 conflict with #17178; whichever is merged later will have to delete it, or
 get a compile error. (And it says so in the function comment.)

 I split off #19649, because there's no ntor onion key link specifier.
 This changes some code that's related to hidden service reachability
 (#17945, #19662, and #19663).

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19163#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

