Use observed instead of declared uptime for HSDir

It is important to verify the uptime claim of a relay instead of just trusting it, otherwise it becomes too easy to blackhole a specific hidden service. rephist already has data available that we can use here. Bugfix on 0.2.0.10-alpha.
author: Sebastian Hahn <sebastian@torproject.org> 2011-03-09 11:34:04 +0100
committer: Sebastian Hahn <sebastian@torproject.org> 2011-03-11 18:44:35 +0100
commit: f7a3cdc8f27c2306cf06d742af63846c82ebdc56 (patch)
tree: 7b276a43f4ea8ce0baf8e111523125333fd71e6f /changes/hsdir_assignment
parent: 48c4d532814ae4fdbf07635e57911bdf0e962b75 (diff)
download: tor-f7a3cdc8f27c2306cf06d742af63846c82ebdc56.tar.gz
tor-f7a3cdc8f27c2306cf06d742af63846c82ebdc56.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/changes/hsdir_assignment b/changes/hsdir_assignment
new file mode 100644
index 0000000000..ba019901ee
--- /dev/null
+++ b/changes/hsdir_assignment
@@ -0,0 +1,7 @@
+  o Security fixes:
+    - Directory authorities now use data collected from rephist when
+      choosing whether to assign the HSDir flag to relays, instead of
+      trusting the uptime value the relay reports in its descriptor.
+      This helps prevent an attack where relatively few malaicious
+      nodes can blackhole any given hidden service. Bugfix on
+      0.2.0.10-alpha; fixes bug 2709.
author	Sebastian Hahn <sebastian@torproject.org>	2011-03-09 11:34:04 +0100
committer	Sebastian Hahn <sebastian@torproject.org>	2011-03-11 18:44:35 +0100
commit	f7a3cdc8f27c2306cf06d742af63846c82ebdc56 (patch)
tree	7b276a43f4ea8ce0baf8e111523125333fd71e6f /changes/hsdir_assignment
parent	48c4d532814ae4fdbf07635e57911bdf0e962b75 (diff)
download	tor-f7a3cdc8f27c2306cf06d742af63846c82ebdc56.tar.gz tor-f7a3cdc8f27c2306cf06d742af63846c82ebdc56.zip