[tor-bugs] #22862 [Core Tor/Tor]: tor-spec doesn't say how clients authenticate authorities or fallback directories

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Jul 9 07:38:02 UTC 2017


#22862: tor-spec doesn't say how clients authenticate authorities or fallback
directories
--------------------------+------------------------------------
 Reporter:  teor          |          Owner:
     Type:  defect        |         Status:  needs_review
 Priority:  Medium        |      Milestone:  Tor: 0.3.2.x-final
Component:  Core Tor/Tor  |        Version:  Tor: unspecified
 Severity:  Normal        |     Resolution:
 Keywords:                |  Actual Points:
Parent ID:                |         Points:  0.2
 Reviewer:                |        Sponsor:
--------------------------+------------------------------------

Old description:

> {{{
>      In all handshake variants, once all certificates are exchanged, all
>      parties receiving certificates must confirm that the identity key is
> as
>      expected.  (When initiating a connection, the expected identity key
> is
> -    the one given in the directory; when creating a connection because
> of an
> +    when no reasonably live consensus is available: the one given in the
> hard-coded authority or fallback list;
> +    or otherwise, the one in the directory; when creating a connection
> because of an
>      EXTEND cell, the expected identity key is the one given in the
> cell.)  If
>      the key is not as expected, the party must close the connection.
> }}}

New description:

 {{{
      In all handshake variants, once all certificates are exchanged, all
      parties receiving certificates must confirm that the identity key is
 as
      expected.  (When initiating a connection, the expected identity key
 is
 -    the one given in the directory; when creating a connection because of
 an
 +    when no reasonably live consensus is available: the one given in the
 hard-coded authority or fallback list;
 +    when there is a reasonably live consensus: the one in the directory;
 when creating a connection because of an
      EXTEND cell, the expected identity key is the one given in the cell.)
 If
      the key is not as expected, the party must close the connection.
 }}}
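
Review bot: The two added clauses ("when no reasonably live consensus is available: ..." and "when there is a reasonably live consensus: ...") rely on the term "reasonably live", which this paragraph does not define, and they nest "when ...: ...;" conditions inside the already long "(When initiating a connection, ...)" sentence, so it is hard to tell where the initiating case ends and the EXTEND case begins. Suggest defining or cross-referencing "reasonably live consensus" at first use, and restructuring the parenthetical as separate sentences or a short list: one item for the hard-coded authority or fallback list, one for the directory, and one for the EXTEND cell. As written the two consensus conditions are mutually exclusive, so the hard-coded key is not consulted once a reasonably live consensus exists; if that is the intent, it is worth saying so explicitly.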

--

Comment (by teor):

 Ok, I think I could do with some help re-phrasing this.
 The description has my best attempt at it.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22862#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

