[or-cvs] make connection_tls_finish_handshake() more plausible.

Adam Shostack adam at homeport.org
Wed Jul 21 13:16:30 UTC 2004

On Wed, Jul 21, 2004 at 02:14:55AM -0400, Roger Dingledine wrote:
| [ For context, the cvs commit message is here:
| http://archives.seul.org/or/cvs/Jul-2004/msg00087.html ]
| On Tue, Jul 20, 2004 at 11:32:12PM -0400, Paul Syverson wrote:
| > If we're going to accept connections from unknown routers, then
| > there should probably be a policy choice setting for that, possibly
| > a bound on how many rather than just a yes/no. Yes? No?
| Is accepting connections from unknown routers a security risk? We still
| choose paths the same way we did before (that is, from the list of
| verified routers in one of the directories).

It seems to me that it may open a DOS risk, where a client can send
messages that claim to be starting a SSL session, and then require an
assymetric amount of work from the router.


More information about the tor-dev mailing list