[tor-bugs] #29583 [Core Tor/Tor]: HSv3: Faulty cross-certs in introduction point keys (allows naive onionbalance for v3s)

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Jul 25 15:18:28 UTC 2019


#29583: HSv3: Faulty cross-certs in introduction point keys (allows naive
onionbalance for v3s)
-------------------------------------------------+-------------------------
 Reporter:  asn                                  |          Owner:  (none)
     Type:  defect                               |         Status:  new
 Priority:  High                                 |      Milestone:  Tor:
                                                 |  unspecified
Component:  Core Tor/Tor                         |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tor-hs, scaling, onionbalance,       |  Actual Points:
  040-backport, 035-backport, needs-proposal,    |
  network-team-roadmap-september, security,      |
  041-longterm, 041-deferred-20190530            |
Parent ID:                                       |         Points:  4
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by dgoulet):

 * sponsor:  Sponsor27-can =>
 * parent:  #26768 =>
 * milestone:  Tor: 0.4.2.x-final => Tor: unspecified


Comment:

 From the Stockholm 2019 tor meeting discussions:

 - As a first step and considering our sponsor27 timeline, we'll not fix
 this for now but still consider it a security problem and thus needs to be
 fixed at some point.

 - By not fixing this, we can proceed with the easy implementation for
 OnionBalance v3 (#26768).

 - Proposal 306 is being proposed for OnionBalance v3 support which assumes
 that one day this bug is fixed.

 I'm moving this one out of Sponsor 27 because again the decision is not to
 fix it for now. I'm hoping for us to provide a reasoning soon on tor-dev@
 on why.

 Moving this out of 042 Milestone and unparenting. Prop306 does link to
 this ticket so we don't forget about it.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29583#comment:16>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

