diff options
author | Nick Mathewson <nickm@torproject.org> | 2014-05-06 16:28:34 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2014-05-06 16:28:34 -0400 |
commit | ea570fa13c3305406790125d01de301b3f894ab1 (patch) | |
tree | 093f038f2e69621d65ef4fc25541391cd7316823 /changes | |
parent | 4a621a50f53ebeac62d30f427c2db0c627f80a31 (diff) | |
download | tor-ea570fa13c3305406790125d01de301b3f894ab1.tar.gz tor-ea570fa13c3305406790125d01de301b3f894ab1.zip |
changes file for bug11743
Diffstat (limited to 'changes')
-rw-r--r-- | changes/bug11743 | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/changes/bug11743 b/changes/bug11743 new file mode 100644 index 0000000000..89e4bbc2b1 --- /dev/null +++ b/changes/bug11743 @@ -0,0 +1,15 @@ + o Major security fixes (directory authorities): + + - Directory authorities now include a digest of each relay's + identity key as a part of its microdescriptor. + + This is a workaround for bug #11743, where Tor clients do not + support receiving multiple microdescriptors with the same SHA256 + digest in the same consensus. When clients receive a consensus + like this, they only use one of the relays. Without this fix, a + hostile relay could selectively disable client use of target + relays by constucting a router descriptor with a different + identity and the same microdescriptor parameters and getting the + authorities to list it in a microdescriptor consensus. This fix + prevents an attacker from causing a microdescriptor collision, + because the router's identity is not forgeable. |