[tor-bugs] #24964 [Core Tor/Tor]: dos: Block single hop client at the HSDir
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Jun 20 14:12:40 UTC 2019
#24964: dos: Block single hop client at the HSDir
--------------------------------------+------------------------------------
Reporter: dgoulet | Owner: dgoulet
Type: defect | Status: needs_review
Priority: Medium | Milestone: Tor: 0.4.2.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: tor-dos, tor2web, tor-hs | Actual Points: 0.1
Parent ID: #24962 | Points: 0.1
Reviewer: | Sponsor: Sponsor27-must
--------------------------------------+------------------------------------
Changes (by dgoulet):
* status: needs_revision => needs_review
Comment:
After discussion with teor on IRC, it appears the patch are good.
Reason is that a single onion service will always 3-hop to the HSDir. Thus
anything not authenticating on the directory connection channel means it
is not a public relay.
The goal of this is also to not allow C -> Bridge -> HSDir.
> Maybe I missed it, but, is there something specific we're aiming to fix
with this patch? Or is this just completeness from the earlier "stop
allowing single-hop anything" changes?
To answer your question Roger, completeness yes. Point is to close down
any access to HS component in a single hop fashion to both remove load on
the network but also stop very early any single hop clients instead of
stopping them at the rendezvous point only.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24964#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list