nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-24 04:13:28 +01:00
Code Issues Packages Projects Releases Wiki Activity

r16695@tombo: nickm | 2008-07-03 13:00:38 -0400

Browse Source 
add new proposal 149: using netinfo data


svn:r15629
This commit is contained in:
Nick Mathewson 2008-07-03 17:00:42 +00:00
parent 9d7a2d4eae
commit 2365e5ca8c
2 changed files with 45 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
doc/spec/proposals/000-index.txt
View File

@ -71,6 +71,7 @@ Proposals by number:
146 Add new flag to reflect long-term stability [OPEN] 146 Add new flag to reflect long-term stability [OPEN]
147 Eliminate the need for v2 directories in generating v3 directories [OPEN] 147 Eliminate the need for v2 directories in generating v3 directories [OPEN]
148 Stream end reasons from the client side should be uniform [OPEN] 148 Stream end reasons from the client side should be uniform [OPEN]
149 Using data from NETINFO cells [OPEN]
Proposals by status: Proposals by status:
@ -95,6 +96,7 @@ Proposals by status:
146 Add new flag to reflect long-term stability 146 Add new flag to reflect long-term stability
147 Eliminate the need for v2 directories in generating v3 directories 147 Eliminate the need for v2 directories in generating v3 directories
148 Stream end reasons from the client side should be uniform 148 Stream end reasons from the client side should be uniform
149 Using data from NETINFO cells
NEEDS-REVISION: NEEDS-REVISION:
110 Avoiding infinite length circuits 110 Avoiding infinite length circuits
117 IPv6 exits 117 IPv6 exits

43
doc/spec/proposals/149-using-netinfo-data.txt Normal file
View File

@ -0,0 +1,43 @@
Filename: 149-using-netinfo-data.txt
Title: Using data from NETINFO cells
Version: $Revision$
Last-Modified: $Date$
Author: Nick Mathewson
Created: 2-Jul-2008
Status: Open
Overview
Current Tor versions send signed IP and timestamp information in
NETINFO cells, but don't use them to their fullest. This proposal
describes how they should start using this info in 0.2.1.x.
Motivation
Our directory system relies on clients and routers having
reasonably accurate clocks to detect replayed directory info, and
to set accurate timestamps on directory info they publish
themselves. NETINFO cells contain timestamps.
Also, the directory system relies on routers having a reasonable
idea of their own IP addresses, so they can publish correct
descriptors. This is also in NETINFO cells.
Learning the time and IP
We need to think about attackers here. Just because a router tells
us that we have a given IP or a given clock skew doesn't mean that
it's true. We believe this information only if we've heard it from
a majority of the routers we've connected to recently, including at
least 3 routers. Routers only believe this information if the
majority inclues at least one authority.
Avoiding MITM attacks
Current Tors use the IP addresses published in the other router's
NETINFO cells to see whether the connection is "canonical". Right
now, we prefer to extend circuits over "canonical" connections. In
0.2.1.x, we should refuse to extend circuits over non-canonical
connections without first trying to build a canonical one.