[tor-bugs] #22805 [Core Tor/Tor]: Remove or_circuit_t.is_first_hop, because it's not accurate any more

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Sep 21 21:12:31 UTC 2017

#22805: Remove or_circuit_t.is_first_hop, because it's not accurate any more
 Reporter:  teor                                 |          Owner:  nickm
     Type:  defect                               |         Status:
                                                 |  needs_review
 Priority:  Medium                               |      Milestone:  Tor:
                                                 |  0.3.2.x-final
Component:  Core Tor/Tor                         |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  technical-debt, security-review,     |  Actual Points:  .3
  review-group-23                                |
Parent ID:                                       |         Points:  1
 Reviewer:  asn                                  |        Sponsor:
Changes (by nickm):

 * status:  needs_revision => needs_review


 Replying to [comment:14 teor]:
 > I think we can take out all the code that deals with CREATE_FAST,
 including the code around `cfe6b444d652464b0b6bb18b4a4a24b0cfb0da81`

 I've updated bug22805_v2 with this change.

 > and just check for a non-zero identity digest.

 Hm; that's a bigger change than we'd been talking about here; I think I
 should open another ticket to change it in 0.3.3. Would that be okay with

 > If a connecting peer has a zero identity digest, it's a client/bridge,
 if it doesn't, it's a relay. (A listening peer is always a relay.
 Interestingly, bridges look like relays to clients, but look like clients
 to public relays.)
 > If a connecting peer uses CREATE_FAST, it might be an old client, or a
 bootstrapping client, or a bootstrapping relay (on 0.2.9 and later).

 > But I'm unsure what happens after the initial circuit, when a
 bootstrapping relay `A` uses CREATE_FAST to `B`.
 > Does `A` authenticate to the listening relay `B` once `A` has a
 > Or, if `A` has authenticated `B`, but `B` never authenticated `A`:
 > * does `A` discard its early connection to `B`?
 > * does `A` use its early connections for client extends to `B`, but `B`
 doesn't use that connection for client extends to `A`?

 So, authentication decisions aren't made as part of the
 CREATE/CREATE2/CREATE_FAST layer: they all happen as part of the
 connection layer.  Relays ''always'' offer authentication, and they don't
 need a consensus to do so.  So if two relays are talking, then in theory
 they should always do so in an authenticated way.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22805#comment:16>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list