[tor-bugs] #26928 [Core Tor/Tor]: Taint untrusted link authentication keys
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Jul 25 04:59:17 UTC 2018
#26928: Taint untrusted link authentication keys
------------------------------+------------------------------
Reporter: teor | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone: Tor: unspecified
Component: Core Tor/Tor | Version:
Severity: Normal | Keywords: tor-hs
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------+------------------------------
We should taint untrusted link auth keys, and then downgrade connections
using tainted keys to protocol warnings.
Link auth keys from the following sources are trusted:
* hard-coded authorities
* the consensus signed by hard-coded authorities
Link auth keys from the following sources are untrusted:
* hardcoded fallback dirs, because relay keys change over time
* our state file (if not confirmed in the consensus), because relay keys
change over time
* onion service descriptors, because they come from untrusted services
* onion service introduce cells, because they come from untrusted clients
Split off #26924.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26928>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list