author | teor (Tim Wilson-Brown) <teor2345@gmail.com> | 2016-07-08 14:46:00 +1000 |
---|---|---|
committer | teor <teor2345@gmail.com> | 2016-08-24 11:02:00 +1000 |
commit | 10aa913accaf81d72dba6f1bcd9dcc128d9d8703 (patch) | |
tree | 8e7d4db300c9bc8c5a5b1f25c45aa9107ea6f3b7 /changes/reject-tap | |
parent | cad9046632aa168eabda1694775393b38922a03e (diff) | |
Client & HS ignore UseNTorHandshake, all non-HS handshakes use ntor
Rely on onion_populate_cpath to check that we're only using
TAP for the rare hidden service cases.
Check and log if handshakes only support TAP when they should support
ntor.
Diffstat (limited to 'changes/reject-tap')
-rw-r--r-- | changes/reject-tap | 18 |
1 files changed, 10 insertions, 8 deletions
diff --git a/changes/reject-tap b/changes/reject-tap index 75800184fd..8e616de301 100644 --- a/changes/reject-tap +++ b/changes/reject-tap @@ -1,13 +1,15 @@ o Major bug fixes (circuit building): - - Tor authorities, relays, and clients no longer support - circuit-building using TAP. (The hidden service protocol - still uses TAP.) - - Relays make sure their own descriptor has an ntor key. - - Authorites no longer trust the version a relay claims (if any), - instead, they check specifically for an ntor key. + - Tor authorities, relays, and clients only use ntor, except for + rare cases in the hidden service protocol. + - Authorities, relays and clients specifically check that each + descriptor has an ntor key. - Clients avoid downloading a descriptor if the relay version is too old to support ntor. - - Client code ignores nodes without ntor keys: they will not be - selected during circuit-building, or as guards, or as directory + - Client code never chooses nodes without ntor keys: they will not + be selected during circuit-building, or as guards, or as directory mirrors, or as introduction or rendezvous points. + - Circuit-building code assumes that all hops can use ntor, + except for rare hidden service protocol cases. + - Hidden service client to intro point and service to rendezvous point + connections use the TAP key supplied by the protocol. Fixes bug 19163; bugfix on 0.2.4.18-rc. |
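Review bot: the rewritten entry has no bullet saying that UseNTorHandshake is now ignored, although the commit subject states that clients and hidden services ignore it; add one to changes/reject-tap so that an operator who has set the option can find the change in the changelog. The commit message also says handshakes that only support TAP are checked and logged, and that has no bullet either. In the added lines, "rare cases in the hidden service protocol" appears in the first bullet and again in the "Circuit-building code assumes" bullet, while only the final bullet names the cases (client to intro point, service to rendezvous point); naming them once and referring back to that bullet would read more clearly.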